To ensure the security of an app when a URL is opened, you can enable the system to check the URL before HTML5 container calls the URL. If the URL is not in the whitelist, a call to the URL can be automatically blocked.
We recommend that URLs be checked before one of the following MPNebula APIs is called:
public class MPNebula {
/**
* Start an online URL.
*
* @param url The online URL.
*/
public static void startUrl(String url);
/**
* Start an online URL.
*
* @param url The online URL.
* @param param The startup parameter.
*/
public static void startUrl(String url, Bundle param);
}
// Create the page.
public static final void openH5(String url) {
if (TextUtils.isEmpty(url)) {
return;
}
H5Service h5Service = LauncherApplicationAgent.getInstance().getMicroApplicationContext()
.findServiceByInterface(H5Service.class.getName());
H5Bundle bundle = new H5Bundle();
Bundle param = new Bundle();
// Start an online URL.
param.putString(H5Param.LONG_URL,url);
bundle.setParams(param);
if (h5Service != null) {
// Create API synchronously.
H5Page h5Page=h5Service.createPage(activity,bundle);
// Create API asynchronously.
h5Service.createPageAsync(activity, bundle, h5PageReadyListener);
}
}
Notice
Exact matching is required for the URLs. At least the scheme and host information in the URI class must be matched. Do not use regular expression matching or use it with caution. Avoid using imprecise functions, such as contains, startsWith, endsWith, and indexOf.