Re: Why the Cocoa function can't be called from JavaScript?

Mon, 14 Sep 2009 18:11:26 -0700 


On 14/09/2009, at 1:41 PM, ziqian zhan wrote:


When first time welcome.html is loaded into webView from
-(void)awakeFromNib;, push the "change it" button on web page the
-(NSString*)getName function is called. The "hello world" is replaced with 
"hi I'm here.". But when welcome.html loaded again from
-(IBAction)loadPage:(id)sender, push the "change it" button on web page but NOTHING happens. The "hello world" is no way changed to "hi I'm here.". It 
looks that the JSBridge.getName() disappeared.
This is happening because you're setting the value of the JSBridge object in the windowScriptObject before you've even loaded the page:
NSString * path = [[NSBundle mainBundle] pathForResource:@"welcome" ofType:@ 
"html"];
[[webView mainFrame] loadRequest:[NSURLRequest requestWithURL:[NSURL
fileURLWithPath:path]]];
The windowScriptObject is not valid before the page loads, and then when the page loads you are not registering the JSBridge object with the window.
You need to set your object as the WebFrameLoadDelegate and register your JSBridge object in the delegate method - webView:didClearWindowObject:forFrame:, which is called when the windowScriptObject becomes available:
- (void)webView:(WebView *)sender didClearWindowObject: (WebScriptObject*)windowObject forFrame:(WebFrame *)frame 
{
        [windowObject setValue:self forKey:@"JSBridge"];
}
One other thing I noticed is that you are allowing access to all Objective-C methods in your app by doing this: 

+ (BOOL)isSelectorExcludedFromWebScript:(SEL)aSelector { return NO; }
+ (BOOL)isKeyExcludedFromWebScript:(const char *)name { return NO; }
This is a massive security hole, you should only allow keys and selectors that you know to be "safe" to return NO from these methods. 

--
Rob Keniger



_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Reply via email to