Giters

Tencent / VasSonic

VasSonic is a lightweight and high-performance Hybrid framework developed by tencent VAS team, which is intended to speed up the first screen of websites working on Android and iOS platform.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Cross-Site Scripting: Inter-Component Communication

QiAnXinCodeSafe opened this issue · comments

commented

VasSonic/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java

Lines 71 to 72 in 59936be

Intent intent = getIntent();
String url = intent.getStringExtra(PARAM_URL);

VasSonic/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java

Lines 111 to 113 in 59936be

sonicSession = SonicEngine.getInstance().createSession(url, sessionConfigBuilder.build());
if (null != sonicSession) {
sonicSession.bindClient(sonicSessionClient = new SonicSessionClientImpl());

VasSonic/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java

Line 188 in 59936be

sonicSessionClient.clientReady();

VasSonic/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/SonicSessionClient.java

Lines 35 to 37 in 59936be

public void clientReady() {
if (session != null) {
session.onClientReady();

VasSonic/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/StandardSonicSession.java

Line 124 in 59936be

sessionClient.loadUrl(srcUrl, new Bundle());

VasSonic/sonic-android/sample/src/main/java/com/tencent/sonic/demo/SonicSessionClientImpl.java

Lines 40 to 41 in 59936be

public void loadUrl(String url, Bundle extraData) {
webView.loadUrl(url);

Sending unvalidated data to a web browser can result in the browser executing malicious code.