Skip to content

Feat/login using webview#100

Draft
grvgoel81 wants to merge 5 commits intomasterfrom
feat/login-using-webview
Draft

Feat/login using webview#100
grvgoel81 wants to merge 5 commits intomasterfrom
feat/login-using-webview

Conversation

@grvgoel81
Copy link
Contributor

@grvgoel81 grvgoel81 commented Nov 25, 2024

Motivation and Context

Jira Link:

Description

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

grvgoel81 and others added 4 commits October 28, 2024 08:37
@grvgoel81
feat: Replace custom chrome tabs with webview in login function
aeb0e9b 
Signed-off-by: Gaurav Goel <gaurav@tor.us>
@grvgoel81
hide action bar in webview login
707eba5 
Signed-off-by: Gaurav Goel <gaurav@tor.us>
@grvgoel81
Merge branch 'feat/update-session-manager-changes' into feat/login-us…
1d56aba 
…ing-webview

# Conflicts:
#	core/src/main/java/com/web3auth/core/Web3Auth.kt
#	core/src/main/java/com/web3auth/core/types/WebViewResultCallback.kt
@grvgoel81
resolved merge conflicts
fdfb0a5 
Signed-off-by: Gaurav Goel <gaurav@tor.us>
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 25, 2024
View reviewed changes
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
super.onCreate(savedInstanceState)
supportActionBar?.hide()
setContentView(R.layout.activity_cct)
webView = findViewById(R.id.webView)

Check warning

Code scanning / CodeQL

Android WebView settings allows access to content links

Sensitive information may be exposed via a malicious link due to access to content:// links being allowed in this WebView.

Copilot Autofix

AI about 1 year ago

To fix the problem, we need to explicitly disable access to content:// URLs in the WebView settings. This can be done by calling setAllowContentAccess(false) on the WebSettings object associated with the WebView. This change should be made in the onCreate method where other WebView settings are configured.

Suggested changeset 1
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
--- a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
+++ b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
@@ -70,2 +70,3 @@
         webSettings.setSupportMultipleWindows(true)
+        webSettings.setAllowContentAccess(false)
         webView.settings.userAgentString = null
EOF
@@ -70,2 +70,3 @@
webSettings.setSupportMultipleWindows(true)
webSettings.setAllowContentAccess(false)
webView.settings.userAgentString = null
Copilot is powered by AI and may make mistakes. Always verify output.
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
}

val webSettings = webView.settings
webSettings.javaScriptEnabled = true

Check warning

Code scanning / CodeQL

Android WebView JavaScript settings

JavaScript execution enabled in WebView.

Copilot Autofix

AI about 1 year ago

To fix the problem, we should disable JavaScript execution in the WebView by setting webSettings.javaScriptEnabled to false. If JavaScript is necessary for the application's functionality, we should ensure that the WebView only loads content from trusted sources using encrypted channels (HTTPS). In this case, we will disable JavaScript execution as a precaution.

Suggested changeset 1
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
--- a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
+++ b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
@@ -67,3 +67,3 @@
         val webSettings = webView.settings
-        webSettings.javaScriptEnabled = true
+        webSettings.javaScriptEnabled = false
         webSettings.domStorageEnabled = true
EOF
@@ -67,3 +67,3 @@
val webSettings = webView.settings
webSettings.javaScriptEnabled = true
webSettings.javaScriptEnabled = false
webSettings.domStorageEnabled = true
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@grvgoel81

Comments