Having a hidden abstract method for a class that can be extended
means that public implementors cannot implement these hidden methods
posing a risk that custom implementations will not have required
abstract methods resulting in an exception.
Bug: 151134792
Test: make update-api
Change-Id: I758d12465fabc671be19bedeeceb16885de23c87
Merged-In: I758d12465fabc671be19bedeeceb16885de23c87
Exempt-From-Owner-Approval: large scale suppression of existing issues,
no-op in terms of behavior
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to
remove from the unsupported list.
Bug: 170729553
Test: Treehugger
Merged-In: I626caf7c1fe46c5ab1f39c2895b42a34319f771a
Change-Id: I54e5ecd11e76ca1de3c5893e3a98b0108e735413
No change to logic, only docs. This removes non-inclusive terminology
("whitelist") from our API javadoc, with the exception of references to
setSafeBrowsingWhitelist() (which we plan to deprecate soon, in favor of
an inclusively named API).
This rephrases one paragraph to be a bit clearer as well.
Bug: 160928306
Test: m offline-sdk-docs -j4
Change-Id: If249be8a70b01c01390ebfeb418fd7c5e119f1f2
Child windows do not inherit FLAG_SECURE from parent windows, and
therefore, the default dialogs for JS callbacks do not have this flag
even when the app window has it.
This CL adds a note warning about this behavior to mitigate the
potential vulnerability.
Bug: 120086187
Test: m -j offline-sdk-docs seems not broken
Change-Id: I12f12befd1f303d26ebc866f4817f5184279caeb
Fix documentation to clearly indicate that the default behavior is to
show WebView's own default dialog, and also describe the default
behavior more clearly and how to customize it.
Bug: 154014645
Test: m -j offline-sdk-docs seems not broken
Change-Id: I7d1e10c5d406ed739fb3963b9099791cfce95063
Fix documentation to clearly indicate that the default behavior is to
show WebView's own default dialog, and also describing clearly default
dialog behavior and how to customize it.
Note that onJsBeforeUnload is not updated at the moment as I could not
find a way to reproduce it.
Bug: 154014645
Test: m -j offline-sdk-docs seems not broken
Change-Id: I5ee09ea35340eb8d17353eda1786dcebcff4a29e
Update the deprecation note for WebSettings.setAppCacheEnabled and
related to mention the public blog post about the feature being removed.
Fixes: 156409857
Test: m offline-sdk-docs
Change-Id: I0481937d665f3f16b61b921aa19e306ba8bb16e0
Fix documentation to clearly indicate that the default behavior is to
show WebView's own default dialog.
Also, change some wording to avoid confusion.
Bug: 154014645
Test: m -j offline-sdk-docs seems unbroken
Change-Id: I3f6676094e5472aa99bb014cf2b489f59133d094
Chrome will be removing the Application Cache API in future; deprecate
the APIs in WebView which allow Android apps to enable it.
Test: make offline-sdk-docs
Fixes: 156266477
Change-Id: I0feff5289706b5f7985013a18d9cf0e3e6b3ba78
Note that the strings are no longer cached here to avoid permanent
app Java heap growth due to strong cache. Consider that no user of DateSorter
exists in the platform, and the API is legacy. The impact on app performance
is expected to be very low.
Bug: 144560585
Bug: 138994281
Test: atest CtsWebkitTestCases:android.webkit.cts.DateSorterTest
Change-Id: I659d430901cf1838befc0a35f5188d069169e824
Deprecate unsafe:
- WebSettings#setAllowUniversalAccessFromFileURLs
- WebSettings#setAllowFileAccessFromFileURLs
- CookieManager#setAcceptFileSchemeCookies
And direct the users to use WebViewAssetLoader instead.
Bug: 148841999
Test: m offline-sdk-docs -j20
Change-Id: I607d1343cb2aa5baead49ceff6dbac4a4474009c
Update setAllowFileAccess java docs to reflect that it's now disabled by
default after merging crrev.com/c/2056824. Also add a note to use
androidx WebViewAssetLoader instead.
Bug: 148840827
Test: m offline-sdk-docs -j20
Change-Id: I15866ab63818771fd91f40828846d6b4c39d278e
(cherry picked from commit 47a4c2da51)
No change to logic, only docs. This announces 'Secure' cookies are
deprecated for insecure URL schemes (only "https://" is considered
secure). This doesn't mention target SDK, because apps should follow
this guidance for all WebView versions, target SDKs, and OS levels.
Bug: 149589092
Test: m offline-sdk-docs -j4
Change-Id: I07c2b5341588d354f7f8219ce71a3d2ca04bc982
The packageInfo can be null when the system is in a bad state and has no
WebView implementation; mark it @Nullable to make this clear.
Test: m
Change-Id: I9f87adf46809b9f1d4d6e68f35ec0fa18617834d
Make it more explicit that isForMainFrame() returns true only for the
actual main frame document, and not for any subresources, even if they
are subresources of the main frame.
Test: make ds-docs
Change-Id: I942cbe6a8f50d2f3af00b99b14a8503c8c4556de
PacProcessor is intended to be used as an internal implementation detail of
com.android.pacprocessor.PacService, which in turn implements the java.net.ProxySelector interface.
Processing the PAC file requires starting up an instance of V8
so is expected to be handled by the central system service and queried over IPC (PacService),
not for apps to try to run it themselves.
Bug: 147578322
Test: N/A.
Change-Id: I857bb3616d7029fa0d42bf25def50f46094ec1d9
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I5be7335b23a92b8ac80d2fd890198273b66ad644
Merged-In: I5be7335b23a92b8ac80d2fd890198273b66ad644
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I5be7335b23a92b8ac80d2fd890198273b66ad644
Annotate WebView API parameters as either @Nullable or @NonNull. When a
method returns a nullable type, add this to the javadoc as well.
Deprecated methods were ignored.
Bug: 119254822
Test: none (only changes annotations, no change in logic)
Change-Id: I701108240fd5905e1085a9e8bcce44567e517892
go/cleanup-greylist-txt
These have already been greylisted, however due to bugs/omissions in the tooling have been kept in go/greylist-txt instead of being annotated in the code.
This is partial merge of aosp/Id6c1f5e403a0e66edb1102ee45f3bf19f244fb09. Telephony greylist cleanup has been done separately. Note that annotations outside of frameworks/base/ have been merged from AOSP.
Bug: 137350495
Test: m
Exempt-From-Owner-Approval: merge
Change-Id: I015c466e8b69cc0fed5e9d394ba865aad11d8ba6
go/cleanup-greylist-txt
These have already been greylisted, however due to bugs/omissions in the tooling have been kept in go/greylist-txt instead of being annotated in the code.
Bug: 137350495
Test: m
Change-Id: Id6c1f5e403a0e66edb1102ee45f3bf19f244fb09
Merged-In: Id6c1f5e403a0e66edb1102ee45f3bf19f244fb09
No change to logic, only docs.
This clarifies the docs for onShowCustomView. This @links to
FLAG_FULLSCREEN, reminds the developer they must override both
onShowCustomView and onHideCustomView, and provides guidance for
CustomViewCallback.
Bug: 143247282
Test: make -j4 docs
Change-Id: I64de3723674da5c138438921cc8232c4bf2a3d98
