It was very interesting, personally I haven't used Android Studio for a few years (and I hated it back then), so I'm surprised about that. Will definitely follow along when I'm back in the Netherlands and have access to my PC (don't think my shitty laptop will appreciate me trying to run Android Studio).
Very nice. utopian-io stemsteem programming science education post I think the post needs to be seen by everyone so I shared the post and liked the post and commented the vote and I followed you. ..... https://steemit.com/africa/@steemitraj/introduction ......@steemitraj
Hey man appreciate the work. But I got a few questions regarding WebView. I've been programming my Java-Steemit App. I'm communicating with the Blockchain actually and not having a WebView.
But only when looking at a post, I'm using WebView by loading the HTML. This part is of course offline since I have the HTML already.
Now the questions:
Somehow I'm struggeling with Youtube videos. So I'm working with an iframe. Somehow it doesn't show up the fullscreen button. Javascript is enabled by the way. Any ideas?
Using a WebView, are there any features in the WebView to prevent XSS or do I have to check tags manually?
You said the WebView is quite slow. I agree. But loading from an HTML String i already have, is there a better (smoother) variant for displaying it? //Edit: And of course such a simple one.
Lets see, there are various ways to approach these particular issues.
typically, this issue has to do with hardware acceleration and plugin states. In the manifest file, make sure that you are using android:hardwareAccelerated="true" in the application tag. Also using the WebChromeClient, you can add WebSettings.PluginState.ON and WebSettings.PluginState.ON_DEMAND. If you are trying to load YouTube videos from online sources then you can also try adding meta data into the requests so that the device knows that it will be a video. You can also try building your own Iframe and then re-embedding the video into it with something like this:
using object tag
String html = "<objectwidth='400'height='400'data=\"http://www.youtube.com/embed/<video-id>\"></object>";
Past API v17 there are considerable security increases against XSS, of course this doesn't mean you wont encounter some however. What I usually do, is force my shouldOverrideUrlLoading function to be limited to the domain of the website that I am visiting. With some of the 3rd party things like YouTube also included in this check. And if the incoming URL is not in the domain then I force android to launch an intent and typically that deals with most issues. This way I can validate the origin of all of the requests made in the application. shouldInterceptRequest is another method you can override if you want a bit more control over the resources that are on whatever webpage you are accessing. Just make sure to sanitize all inputs that might be susceptible to XSS (MiTM for instance) attacks as you would with any web app etc. I know there are some decent 3rd party librarys that can handle these things as well: OWASP for instance is a good one. jsoup can also help in some specific situations.
WebViews are slow as are hybrid apps. Its one of the more unfortunate things (i would prefer to write views in HTML then XML). You can try to set a higher render priority for your webviews via webview.getSettings().setRenderPriority(RenderPriority.HIGH); and you can enable and disable hardware acceleration for various things. You can even downgrade the HTML you are viewing using modifiers like body.lowquality * { filter: none !important; }.
If I had to build a semi-hybrid app like that I would probably use something that isn't a native android app like Dart's Flutter framework for the front-end. (I know that's probably more trouble then its worth at this point for you though). And then I would wire everything else that I could get via API into the native side of the app and use my own custom build UI elements. Anyways, I hope some of this helps you out.
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by Tensor from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP. Be sure to leave at least 50SP undelegated on your account.
Thank you for the contribution. It has been approved.
You can contact us on Discord.
[utopian-moderator]
that was extremely fast. Thank you very much for reading and watching my content.
It was very interesting, personally I haven't used Android Studio for a few years (and I hated it back then), so I'm surprised about that. Will definitely follow along when I'm back in the Netherlands and have access to my PC (don't think my shitty laptop will appreciate me trying to run Android Studio).
Its actually more light weight then it used to be believe it or not, but I take your point. Cheers mate.
Very nice. utopian-io stemsteem programming science education post I think the post needs to be seen by everyone so I shared the post and liked the post and commented the vote and I followed you. .....
https://steemit.com/africa/@steemitraj/introduction ......@steemitraj
Hey man appreciate the work. But I got a few questions regarding WebView. I've been programming my Java-Steemit App. I'm communicating with the Blockchain actually and not having a WebView.
But only when looking at a post, I'm using WebView by loading the HTML. This part is of course offline since I have the HTML already.
Now the questions:
Thank you :)
Lets see, there are various ways to approach these particular issues.
android:hardwareAccelerated="true"in the application tag. Also using the WebChromeClient, you can addWebSettings.PluginState.ONandWebSettings.PluginState.ON_DEMAND. If you are trying to load YouTube videos from online sources then you can also try adding meta data into the requests so that the device knows that it will be a video. You can also try building your own Iframe and then re-embedding the video into it with something like this:Past API v17 there are considerable security increases against XSS, of course this doesn't mean you wont encounter some however. What I usually do, is force my
shouldOverrideUrlLoadingfunction to be limited to the domain of the website that I am visiting. With some of the 3rd party things like YouTube also included in this check. And if the incoming URL is not in the domain then I force android to launch an intent and typically that deals with most issues. This way I can validate the origin of all of the requests made in the application.shouldInterceptRequestis another method you can override if you want a bit more control over the resources that are on whatever webpage you are accessing. Just make sure to sanitize all inputs that might be susceptible to XSS (MiTM for instance) attacks as you would with any web app etc. I know there are some decent 3rd party librarys that can handle these things as well: OWASP for instance is a good one. jsoup can also help in some specific situations.WebViews are slow as are hybrid apps. Its one of the more unfortunate things (i would prefer to write views in HTML then XML). You can try to set a higher render priority for your webviews via
webview.getSettings().setRenderPriority(RenderPriority.HIGH);and you can enable and disable hardware acceleration for various things. You can even downgrade the HTML you are viewing using modifiers likebody.lowquality * { filter: none !important; }.If I had to build a semi-hybrid app like that I would probably use something that isn't a native android app like Dart's Flutter framework for the front-end. (I know that's probably more trouble then its worth at this point for you though). And then I would wire everything else that I could get via API into the native side of the app and use my own custom build UI elements. Anyways, I hope some of this helps you out.
Good
Hey @tensor I am @utopian-io. I have just upvoted you!
Achievements
Community-Driven Witness!
I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!
Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by Tensor from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.
You got a 5.87% upvote from @upmewhale courtesy of @tensor!