Child windows do not inherit FLAG_SECURE from parent windows, and
therefore, the default dialogs for JS callbacks do not have this flag
even when the app window has it.
This CL adds a note warning about this behavior to mitigate the
potential vulnerability.
Bug: 120086187
Test: m -j offline-sdk-docs seems not broken
Change-Id: I12f12befd1f303d26ebc866f4817f5184279caeb
Fix documentation to clearly indicate that the default behavior is to
show WebView's own default dialog, and also describe the default
behavior more clearly and how to customize it.
Bug: 154014645
Test: m -j offline-sdk-docs seems not broken
Change-Id: I7d1e10c5d406ed739fb3963b9099791cfce95063
Fix documentation to clearly indicate that the default behavior is to
show WebView's own default dialog, and also describing clearly default
dialog behavior and how to customize it.
Note that onJsBeforeUnload is not updated at the moment as I could not
find a way to reproduce it.
Bug: 154014645
Test: m -j offline-sdk-docs seems not broken
Change-Id: I5ee09ea35340eb8d17353eda1786dcebcff4a29e
Update the deprecation note for WebSettings.setAppCacheEnabled and
related to mention the public blog post about the feature being removed.
Fixes: 156409857
Test: m offline-sdk-docs
Change-Id: I0481937d665f3f16b61b921aa19e306ba8bb16e0
Fix documentation to clearly indicate that the default behavior is to
show WebView's own default dialog.
Also, change some wording to avoid confusion.
Bug: 154014645
Test: m -j offline-sdk-docs seems unbroken
Change-Id: I3f6676094e5472aa99bb014cf2b489f59133d094
Chrome will be removing the Application Cache API in future; deprecate
the APIs in WebView which allow Android apps to enable it.
Test: make offline-sdk-docs
Fixes: 156266477
Change-Id: I0feff5289706b5f7985013a18d9cf0e3e6b3ba78
Deprecate unsafe:
- WebSettings#setAllowUniversalAccessFromFileURLs
- WebSettings#setAllowFileAccessFromFileURLs
- CookieManager#setAcceptFileSchemeCookies
And direct the users to use WebViewAssetLoader instead.
Bug: 148841999
Test: m offline-sdk-docs -j20
Change-Id: I607d1343cb2aa5baead49ceff6dbac4a4474009c
Update setAllowFileAccess java docs to reflect that it's now disabled by
default after merging crrev.com/c/2056824. Also add a note to use
androidx WebViewAssetLoader instead.
Bug: 148840827
Test: m offline-sdk-docs -j20
Change-Id: I15866ab63818771fd91f40828846d6b4c39d278e
(cherry picked from commit 47a4c2da51)
No change to logic, only docs. This announces 'Secure' cookies are
deprecated for insecure URL schemes (only "https://" is considered
secure). This doesn't mention target SDK, because apps should follow
this guidance for all WebView versions, target SDKs, and OS levels.
Bug: 149589092
Test: m offline-sdk-docs -j4
Change-Id: I07c2b5341588d354f7f8219ce71a3d2ca04bc982
The packageInfo can be null when the system is in a bad state and has no
WebView implementation; mark it @Nullable to make this clear.
Test: m
Change-Id: I9f87adf46809b9f1d4d6e68f35ec0fa18617834d
Make it more explicit that isForMainFrame() returns true only for the
actual main frame document, and not for any subresources, even if they
are subresources of the main frame.
Test: make ds-docs
Change-Id: I942cbe6a8f50d2f3af00b99b14a8503c8c4556de
PacProcessor is intended to be used as an internal implementation detail of
com.android.pacprocessor.PacService, which in turn implements the java.net.ProxySelector interface.
Processing the PAC file requires starting up an instance of V8
so is expected to be handled by the central system service and queried over IPC (PacService),
not for apps to try to run it themselves.
Bug: 147578322
Test: N/A.
Change-Id: I857bb3616d7029fa0d42bf25def50f46094ec1d9
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I5be7335b23a92b8ac80d2fd890198273b66ad644
Annotate WebView API parameters as either @Nullable or @NonNull. When a
method returns a nullable type, add this to the javadoc as well.
Deprecated methods were ignored.
Bug: 119254822
Test: none (only changes annotations, no change in logic)
Change-Id: I701108240fd5905e1085a9e8bcce44567e517892
go/cleanup-greylist-txt
These have already been greylisted, however due to bugs/omissions in the tooling have been kept in go/greylist-txt instead of being annotated in the code.
This is partial merge of aosp/Id6c1f5e403a0e66edb1102ee45f3bf19f244fb09. Telephony greylist cleanup has been done separately. Note that annotations outside of frameworks/base/ have been merged from AOSP.
Bug: 137350495
Test: m
Exempt-From-Owner-Approval: merge
Change-Id: I015c466e8b69cc0fed5e9d394ba865aad11d8ba6
No change to logic, only docs.
This clarifies the docs for onShowCustomView. This @links to
FLAG_FULLSCREEN, reminds the developer they must override both
onShowCustomView and onHideCustomView, and provides guidance for
CustomViewCallback.
Bug: 143247282
Test: make -j4 docs
Change-Id: I64de3723674da5c138438921cc8232c4bf2a3d98
Inform developers that having onscreen zoom controls is deprecated and
that it's therefore not recommended to enable them in WebView, with
reference to ZoomButtonsController (which is what WebView uses to
implement them).
Bug: 141732094
Test: make ds-docs
Change-Id: I134551b87d3a93072e28aef56667507214b3e9c4
RFC2109 has been obsolete for a long time, and the docs aren't very
clear what exactly the RFC has to do with CookieManager; the RFC is
about HTTP and it's not immediately clear how this would apply to a Java
API.
Update the reference to the current cookie spec (and hyperlink it), and
clarify the text to explain that the HTTP header formats from the RFC
are the formats used to get/set set cookies.
Fixes: 143086151
Test: make ds-docs
Change-Id: I5e5838d3435b74516847b63e485fdd93810284aa
Another CL in this topic moves libcore.net.MimeMap to package
libcore.content.type. This CL updates associated references.
Bug: 136256059
Bug: 124232146
Test: Treehugger
Test: CtsMimeMapTestCases
Exempt-From-Owner-Approval: move affecting imports only
Change-Id: I30aac8b28a1740180ea01834a2bb66b61cb255d4
Restrict the set of digits recognised to ASCII to avoid throwing a
NumberFormatException
Bug: 141534831
Test: atest CtsWebkitTestCases
Change-Id: Ifc39fef9b8e2b66b3e0a9a6590b5817136cccd2f
To prepare for enabling MissingNullability Metalava check this CL
works on adding missing nullability issues that metalava flags if
we tell it to flag new things since API 29.
This is not a complete CL, mostly addresses public api and
toString/equals for @SystemApi
Exempt-From-Owner-Approval: Large scale nullability clean up
Bug: 124515653
Test: make -j checkapi
Change-Id: I109260842cfc25f06e40694997fcbb4afa02c867
