New issue
Advanced search Search tips

Issue 889300 link

Starred by 1 user
Status: Verified
Owner:
ntfschr@chromium.org
Closed: Sep 26
Cc:
torne@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug



Sign in to add a comment

Catch SecurityException when starting intents (for default webviewclient)

Project Member Reported by ntfschr@chromium.org, Sep 25 
This is a proposed behavior change for the default behavior (when no WebViewClient is set), as per http://b/115868439 and issue 808494.

Some apps declare private Activities in their intent filters. Android allows this, but throws a SecurityException when sending an intent to such an Activity.

We should catch these intents in the default WebViewClient (this is what Chrome currently does). No change in behavior to apps which *do* set a WebViewClient (this is up to them to handle).

Someone holler if this seems unreasonable.

Comment 1 by ntfschr@chromium.org, Sep 25

Components: Mobile>WebView
Labels: OS-Android
Status: Assigned (was: Untriaged)
Project Member

Comment 2 by bugdroid1@chromium.org, Sep 26 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/25bf0d7df72978e3a1c1bea124fb288d15ac375b

commit 25bf0d7df72978e3a1c1bea124fb288d15ac375b
Author: Nate Fischer <ntfschr@chromium.org>
Date: Wed Sep 26 18:13:01 2018

AW: ignore and log SecurityException for intents

Some apps declare a permission-guarded yet exported="true" Activity.
Starting an intent to such an Activity will triggers a
SecurityException. Instead of crashing, we should just ignore these
intents.

Chrome already handles this case, so this CL changes WebView shell and
the default WebViewClient to behave similarly.

This change will have no impact for apps which set their own
WebViewClient, which should represent the vast majority of apps.

R=torne@chromium.org

Bug:  889300 
Test: Manual - built a test app as described in http://b/115868439.
Change-Id: Ia9ff8113d4796033661366c06e186d7bb6eb288d
Reviewed-on: https://chromium-review.googlesource.com/1244547
Reviewed-by: Richard Coles <torne@chromium.org>
Commit-Queue: Nate Fischer <ntfschr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#594387}
[modify] https://crrev.com/25bf0d7df72978e3a1c1bea124fb288d15ac375b/android_webview/java/src/org/chromium/android_webview/AwContentsClient.java
[modify] https://crrev.com/25bf0d7df72978e3a1c1bea124fb288d15ac375b/android_webview/tools/system_webview_shell/apk/src/org/chromium/webview_shell/WebViewBrowserActivity.java

Comment 3 by ntfschr@chromium.org, Sep 26

Status: Fixed (was: Assigned)
Steps to verify:
1. Install attached APK
2. Start the app, click on the link labeled "Crash"
3. Observe a network error page
BadIntentCrash.apk
1.6 MB Download

Comment 4 by alek...@chromium.org, Oct 1

Status: Verified (was: Fixed)
Verified on: Pixel 2 / Q vs 71.0.3567.0, when i clicked on "Crash" I was able to see "Webpage not available"

Sign in to add a comment