Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/login using webview #100

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

Feat/login using webview #100

wants to merge 5 commits into from

Conversation

grvgoel81
Copy link
Contributor

Motivation and Context

Jira Link:

Description

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

Gaurav Goel and others added 4 commits October 28, 2024 08:37
feat: Replace custom chrome tabs with webview in login function
aeb0e9b 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
hide action bar in webview login
707eba5 
Signed-off-by: Gaurav Goel <[email protected]>
Merge branch 'feat/update-session-manager-changes' into feat/login-us…
1d56aba 
…ing-webview

# Conflicts:
#	core/src/main/java/com/web3auth/core/Web3Auth.kt
#	core/src/main/java/com/web3auth/core/types/WebViewResultCallback.kt
@grvgoel81
resolved merge conflicts
fdfb0a5 
Signed-off-by: Gaurav Goel <[email protected]>
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 25, 2024
View reviewed changes
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
setContentView(R.layout.activity_cct)
webView = findViewById(R.id.webView)

Check warning

Code scanning / CodeQL

Android WebView settings allows access to content links Medium

Sensitive information may be exposed via a malicious link due to access to content:// links being allowed in this WebView.

Copilot Autofix AI 25 days ago

To fix the problem, we need to explicitly disable access to content:// URLs in the WebView settings. This can be done by calling setAllowContentAccess(false) on the WebSettings object associated with the WebView. This change should be made in the onCreate method where other WebView settings are configured.

Suggested changeset 1
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
--- a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
+++ b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
@@ -70,2 +70,3 @@
         webSettings.setSupportMultipleWindows(true)
+        webSettings.setAllowContentAccess(false)
         webView.settings.userAgentString = null
EOF
@@ -70,2 +70,3 @@
webSettings.setSupportMultipleWindows(true)
webSettings.setAllowContentAccess(false)
webView.settings.userAgentString = null
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
}
}

val webSettings = webView.settings
webSettings.javaScriptEnabled = true

Check warning

Code scanning / CodeQL

Android WebView JavaScript settings Medium

JavaScript execution enabled in WebView.

Copilot Autofix AI 25 days ago

To fix the problem, we should disable JavaScript execution in the WebView by setting webSettings.javaScriptEnabled to false. If JavaScript is necessary for the application's functionality, we should ensure that the WebView only loads content from trusted sources using encrypted channels (HTTPS). In this case, we will disable JavaScript execution as a precaution.

Suggested changeset 1
core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
--- a/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
+++ b/core/src/main/java/com/web3auth/core/CustomChromeTabsActivity.kt
@@ -67,3 +67,3 @@
         val webSettings = webView.settings
-        webSettings.javaScriptEnabled = true
+        webSettings.javaScriptEnabled = false
         webSettings.domStorageEnabled = true
EOF
@@ -67,3 +67,3 @@
val webSettings = webView.settings
webSettings.javaScriptEnabled = true
webSettings.javaScriptEnabled = false
webSettings.domStorageEnabled = true
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@grvgoel81