
Comments (7)

dfmuir avatar dfmuir commented on August 21, 2024

Interesting. I was able to recreate this on your URL as well as others. I will work on this one.

I am open to solution suggestions from others as well.

from kinwebbrowser.

dfmuir avatar dfmuir commented on August 21, 2024

I submitted this issue to StackOverflow here:

https://stackoverflow.com/questions/26501172/launching-phone-email-map-links-in-wkwebview

from kinwebbrowser.

ehlersd avatar ehlersd commented on August 21, 2024

I was able to get it to work for the Google Maps link (which appears to be related to the target="_blank") and for the tel: scheme by adding this function to your KINWebBrowserViewController.m

// WKNavigationDelegate callback: decides, per navigation, whether the
// web view loads the request itself or the URL is handed to the system.
- (void)webView:(WKWebView *)webView decidePolicyForNavigationAction:(WKNavigationAction *)navigationAction decisionHandler:(void (^)(WKNavigationActionPolicy))decisionHandler
{
    // Only intercept navigations from the browser's own web view.
    if (webView != self.wkWebView) {
        decisionHandler(WKNavigationActionPolicyAllow);
        return;
    }

    UIApplication *app = [UIApplication sharedApplication];
    NSURL         *url = navigationAction.request.URL;

    // No target frame means a target="_blank" link. If any app claims the
    // URL, hand it straight to the system (no user confirmation) and cancel
    // the in-page navigation.
    if (!navigationAction.targetFrame) {
        if ([app canOpenURL:url]) {
            [app openURL:url];
            decisionHandler(WKNavigationActionPolicyCancel);
            return;
        }
    }

    // tel: links are likewise passed to the system directly.
    if ([url.scheme isEqualToString:@"tel"]) {
        if ([app canOpenURL:url]) {
            [app openURL:url];
            decisionHandler(WKNavigationActionPolicyCancel);
            return;
        }
    }

    // Everything else loads normally inside the web view.
    decisionHandler(WKNavigationActionPolicyAllow);
}

from kinwebbrowser.

dfmuir avatar dfmuir commented on August 21, 2024

I appreciate your solution. You are definitely on the right path. After some pretty extensive research on this issue, I discovered that the code above introduces a serious security flaw.

The way you are calling [app openURL:url]; enables the application to automatically open any other apps without prompting the user. This could cause the user to be tricked into placing a call or even a FaceTime call. This has serious security concerns, as users could be charged for these calls or have an image of their face stolen.

See more information here: http://algorithm.dk/posts/rtfm-0day-in-ios-apps-g-gmail-fb-messenger-etc

I am actively working on a solution for this and will update soon.

from kinwebbrowser.

ehlersd avatar ehlersd commented on August 21, 2024

Awesome catch! Glad you found that one (and are working on a solution!) Let me know if there's anything I can do to help.

For the moment, our use-case is only displaying internal documents that we have full control over, so it's not a real security issue for us. But, in the near future, that may be extended and it may very well become an issue.

from kinwebbrowser.

dfmuir avatar dfmuir commented on August 21, 2024

I just pushed these changes onto: https://github.com/dfmuir/KINWebBrowser/tree/external_url_support

It enables both of the links on your page that were previously broken.

Let me know what you think. Basically, if the scheme of the URL is not http or https, and [[UIApplication sharedApplication] canOpenURL:URL]; then the user is prompted to open an external app.

Two weaknesses right now:

  1. When launching your Google Maps HTTP link, the website opens successfully, but the app is not launched. This doesn't seem ideal.
  2. There does not seem to be a way to determine which app will be opening the URL, so there is no way to present that information to the user when making the decision about the external app.

I am going to think a little bit more on this before merging with master.

from kinwebbrowser.
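The approach described in the comment above (cancel any non-http/https navigation, check canOpenURL:, and only then ask the user), written out as an added example. This is not KINWebBrowser's own code from the external_url_support branch or from 1.2.0; the class name ExternalURLWebViewController, the small scheme allowlist (tel, mailto, sms, maps) and the decision to load target="_blank" links in the same web view are all assumptions made for the example. It also addresses the second weakness listed above the only way iOS allows: since canOpenURL: cannot say which app will handle a URL, the prompt shows the user the raw URL instead.

```objectivec
// Added example (not KINWebBrowser's code): a WKNavigationDelegate that
// never calls openURL: on page-controlled input without user confirmation.
#import <UIKit/UIKit.h>
#import <WebKit/WebKit.h>

@interface ExternalURLWebViewController : UIViewController <WKNavigationDelegate>
@property (nonatomic, strong) WKWebView *webView;
@end

@implementation ExternalURLWebViewController

- (void)viewDidLoad {
    [super viewDidLoad];
    self.webView = [[WKWebView alloc] initWithFrame:self.view.bounds];
    self.webView.navigationDelegate = self;
    [self.view addSubview:self.webView];
}

// Schemes the web view renders itself; everything else counts as "external".
- (BOOL)isWebScheme:(NSString *)scheme {
    NSString *s = scheme.lowercaseString;
    return [s isEqualToString:@"http"] || [s isEqualToString:@"https"];
}

// Schemes we are willing to hand to another app at all (assumed allowlist).
// A page should not be able to probe or launch arbitrary apps, so anything
// outside this set is cancelled outright.
- (BOOL)isAllowedExternalScheme:(NSString *)scheme {
    if (!scheme) {
        return NO;
    }
    static NSSet *allowed;
    static dispatch_once_t once;
    dispatch_once(&once, ^{
        allowed = [NSSet setWithObjects:@"tel", @"mailto", @"sms", @"maps", nil];
    });
    return [allowed containsObject:scheme.lowercaseString];
}

- (void)webView:(WKWebView *)webView
decidePolicyForNavigationAction:(WKNavigationAction *)navigationAction
decisionHandler:(void (^)(WKNavigationActionPolicy))decisionHandler {
    NSURL *url = navigationAction.request.URL;

    if (!url || [self isWebScheme:url.scheme]) {
        // target="_blank" links arrive with no target frame and WKWebView
        // drops them silently. Load them here instead of bouncing an
        // http(s) URL out to the system (design choice for this example).
        if (!navigationAction.targetFrame) {
            [webView loadRequest:navigationAction.request];
            decisionHandler(WKNavigationActionPolicyCancel);
            return;
        }
        decisionHandler(WKNavigationActionPolicyAllow);
        return;
    }

    // Non-web scheme: the web view never loads it, and the system only gets
    // it after the user explicitly agrees. canOpenURL: tells us that *some*
    // app claims the scheme, not which one, so the prompt shows the raw URL.
    decisionHandler(WKNavigationActionPolicyCancel);
    UIApplication *app = [UIApplication sharedApplication];
    if (![self isAllowedExternalScheme:url.scheme] || ![app canOpenURL:url]) {
        return;
    }
    [self confirmOpeningExternalURL:url];
}

- (void)confirmOpeningExternalURL:(NSURL *)url {
    NSString *message = [NSString stringWithFormat:
        @"This page wants to open another app with:\n%@", url.absoluteString];
    UIAlertController *alert =
        [UIAlertController alertControllerWithTitle:@"Open in another app?"
                                            message:message
                                     preferredStyle:UIAlertControllerStyleAlert];
    [alert addAction:[UIAlertAction actionWithTitle:@"Cancel"
                                              style:UIAlertActionStyleCancel
                                            handler:nil]];
    [alert addAction:[UIAlertAction actionWithTitle:@"Open"
                                              style:UIAlertActionStyleDefault
                                            handler:^(UIAlertAction *action) {
        // iOS 10+ API; on older deployment targets use -[UIApplication openURL:].
        [[UIApplication sharedApplication] openURL:url
                                           options:@{}
                                 completionHandler:nil];
    }]];
    [self presentViewController:alert animated:YES completion:nil];
}

@end
```

Two practical caveats when adapting this: on iOS 9 and later, custom schemes you intend to pass to canOpenURL: must be declared under LSApplicationQueriesSchemes in Info.plist or the call returns NO; and the allowlist is the part that does the real work, since a tel: or facetime: link a user is tricked into tapping still dials, so keep the set as small as your content actually needs.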

dfmuir avatar dfmuir commented on August 21, 2024

I believe this issue has been resolved in KINWebBrowser 1.2.0

from kinwebbrowser.
