Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
@hzab/cordova-plugin-inappbrowser
Advanced tools
You can show helpful articles, videos, and web resources inside of your app. Users can view web pages without leaving your app.
To get a few ideas, check out the sample at the bottom of this page or go straight to the reference content.
This plugin provides a web browser view that displays when calling cordova.InAppBrowser.open()
.
var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'location=yes');
window.open
The cordova.InAppBrowser.open()
function is defined to be a drop-in replacement
for the window.open()
function. Existing window.open()
calls can use the
InAppBrowser window, by replacing window.open:
window.open = cordova.InAppBrowser.open;
If you change the browsers window.open
function this way, it can have unintended side
effects (especially if this plugin is included only as a dependency of another
plugin).
The InAppBrowser window behaves like a standard web browser, and can't access Cordova APIs. For this reason, the InAppBrowser is recommended if you need to load third-party (untrusted) content, instead of loading that into the main Cordova webview. The InAppBrowser is not subject to the whitelist, nor is opening links in the system browser.
The InAppBrowser provides by default its own GUI controls for the user (back, forward, done).
cordova plugin add cordova-plugin-inappbrowser
If you want all page loads in your app to go through the InAppBrowser, you can
simply hook window.open
during initialization. For example:
document.addEventListener("deviceready", onDeviceReady, false);
function onDeviceReady() {
window.open = cordova.InAppBrowser.open;
}
<preference name="InAppBrowserStatusBarStyle" value="lightcontent" />
Opens a URL in a new InAppBrowser
instance, the current browser
instance, or the system browser.
var ref = cordova.InAppBrowser.open(url, target, options);
ref: Reference to the InAppBrowser
window when the target is set to '_blank'
. (InAppBrowser)
url: The URL to load (String). Call encodeURI()
on this if the URL contains Unicode characters.
target: The target in which to load the URL, an optional parameter that defaults to _self
. (String)
_self
: Opens in the Cordova WebView if the URL is in the white list, otherwise it opens in the InAppBrowser
._blank
: Opens in the InAppBrowser
._system
: Opens in the system's web browser.options: Options for the InAppBrowser
. Optional, defaulting to: location=yes
. (String)
The options
string must not contain any blank space, and each feature's name/value pairs must be separated by a comma. Feature names are case insensitive.
All platforms support:
yes
or no
to turn the InAppBrowser
's location bar on or off.Android supports these additional options:
yes
to create the browser and load the page, but not show it. The loadstop event fires when loading is complete. Omit or set to no
(default) to have the browser open and load normally.beforeload
event to modify which pages are actually loaded in the browser. Accepted values are get
to intercept only GET requests, post
to intercept on POST requests or yes
to intercept both GET & POST requests. Note that POST requests are not currently supported and will be ignored (if you set beforeload=post
it will raise an error).yes
to have the browser's cookie cache cleared before the new window is openedyes
to have the session cookie cache cleared before the new window is opened#00ff00
, and it will change the
close button color from default, regardless of being a text or default X. Only has effect if user has location set to yes
.yes
to show a close button in the footer similar to the iOS Done button.
The close button will appear the same as for the header hence use closebuttoncaption and closebuttoncolor to set its properties.#00ff00
or #CC00ff00
(#aarrggbb
) , and it will change the footer color from default.
Only has effect if user has footer set to yes
.yes
to use the hardware back button to navigate backwards through the InAppBrowser
's history. If there is no previous page, the InAppBrowser
will close. The default value is yes
, so you must set it to no
if you want the back button to simply close the InAppBrowser.yes
to hide the navigation buttons on the location toolbar, only has effect if user has location set to yes
. The default value is no
.yes
to hide the url bar on the location toolbar, only has effect if user has location set to yes
. The default value is no
.#00ff00
, and it will change the color of both navigation buttons from default. Only has effect if user has location set to yes
and not hidenavigationbuttons set to yes
.#00ff00
, and it will change the color the toolbar from default. Only has effect if user has location set to yes
.yes
to swap positions of the navigation buttons and the close button. Specifically, navigation buttons go to the right and close button to the left. Default value is no
.yes
to show Android browser's zoom controls, set to no
to hide them. Default value is yes
.yes
to prevent HTML5 audio or video from autoplaying (defaults to no
).yes
to make InAppBrowser WebView to pause/resume with the app to stop background audio (this may be required to avoid Google Play issues like described in CB-11013).no
, the layout width is always set to the width of the WebView control in device-independent (CSS) pixels. When the value is yes
and the page contains the viewport meta tag, the value of the width specified in the tag is used. If the page does not contain the tag or does not provide a width, then a wide viewport will be used. (defaults to yes
).yes
.iOS supports these additional options:
yes
to create the browser and load the page, but not show it. The loadstop event fires when loading is complete. Omit or set to no
(default) to have the browser open and load normally.beforeload
event to modify which pages are actually loaded in the browser. Accepted values are get
to intercept only GET requests, post
to intercept on POST requests or yes
to intercept both GET & POST requests. Note that POST requests are not currently supported and will be ignored (if you set beforeload=post
it will raise an error).yes
to have the browser's cookie cache cleared before the new window is openedyes
to have the session cookie cache cleared before the new window is opened. For WKWebView, requires iOS 11+ on target device.yes
to have the browser's entire local storage cleared (cookies, HTML5 local storage, IndexedDB, etc.) before the new window is opened#00ff00
, to change from the default Done button's color. Only applicable if toolbar is not disabled.yes
or no
(default is no
). Turns on/off the the bounce of the WKWebView's UIScrollView.yes
or no
to turn the toolbar navigation buttons on or off (defaults to no
). Only applicable if toolbar is not disabled.#00ff00
, to change from the default color. Only applicable if navigation buttons are visible.yes
or no
to turn the toolbar on or off for the InAppBrowser (defaults to yes
)#00ff00
, to change from the default color of the toolbar. Only applicable if toolbar is not disabled.yes
or no
to make the toolbar translucent(semi-transparent) (defaults to yes
). Only applicable if toolbar is not disabled.yes
to swap positions of the navigation buttons and the close button. Specifically, close button goes to the right and navigation buttons to the left.yes
or no
to prevent viewport scaling through a meta tag (defaults to no
).yes
to prevent HTML5 audio or video from autoplaying (defaults to no
).yes
or no
to allow in-line HTML5 media playback, displaying within the browser window rather than a device-specific playback interface. The HTML's video
element must also include the webkit-playsinline
attribute (defaults to no
).pagesheet
, formsheet
or fullscreen
to set the presentation style (defaults to fullscreen
).fliphorizontal
, crossdissolve
or coververtical
to set the transition style (defaults to coververtical
).top
or bottom
(default is bottom
). Causes the toolbar to be at the top or bottom of the window.yes
or no
to change the visibility of the loading indicator (defaults to no
).var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'location=yes');
var ref2 = cordova.InAppBrowser.open(encodeURI('http://ja.m.wikipedia.org/wiki/ハングル'), '_blank', 'location=yes');
At the moment the only supported target in OSX is _system
.
_blank
and _self
targets are not yet implemented and are ignored silently. Pull requests and patches to get these to work are greatly appreciated.
Since the introduction of iPadOS 13, iPads try to adapt their content mode / user agent for the optimal browsing experience. This may result in iPads having their user agent set to Macintosh, making it hard to detect them as mobile devices using user agent string sniffing. You can change this with the PreferredContentMode
preference in config.xml
.
<preference name="PreferredContentMode" value="mobile" />
The example above forces the user agent to contain iPad
. The other option is to use the value desktop
to turn the user agent to Macintosh
.
Plugin is implemented via iframe,
Navigation history (back
and forward
buttons in LocationBar) is not implemented.
The object returned from a call to cordova.InAppBrowser.open
when the target is set to '_blank'
.
Adds a listener for an event from the
InAppBrowser
. (Only available when the target is set to'_blank'
)
ref.addEventListener(eventname, callback);
ref: reference to the InAppBrowser
window (InAppBrowser)
eventname: the event to listen for (String)
InAppBrowser
starts to load a URL.InAppBrowser
finishes loading a URL.InAppBrowser
encounters an error when loading a URL.InAppBrowser
window is closed.InAppBrowser
decides whether to load an URL or not (only with option beforeload
set).InAppBrowser
receives a message posted from the page loaded inside the InAppBrowser
Webview.InAppBrowser
loads a URL that leads in downloading of a file.callback: the function that executes when the event fires. The function is passed an InAppBrowserEvent
object as a parameter.
var inAppBrowserRef;
function showHelp(url) {
var target = "_blank";
var options = "location=yes,hidden=yes,beforeload=yes";
inAppBrowserRef = cordova.InAppBrowser.open(url, target, options);
inAppBrowserRef.addEventListener('loadstart', loadStartCallBack);
inAppBrowserRef.addEventListener('loadstop', loadStopCallBack);
inAppBrowserRef.addEventListener('loaderror', loadErrorCallBack);
inAppBrowserRef.addEventListener('beforeload', beforeloadCallBack);
inAppBrowserRef.addEventListener('message', messageCallBack);
}
function loadStartCallBack() {
$('#status-message').text("loading please wait ...");
}
function loadStopCallBack() {
if (inAppBrowserRef != undefined) {
inAppBrowserRef.insertCSS({ code: "body{font-size: 25px;}" });
inAppBrowserRef.executeScript({ code: "\
var message = 'this is the message';\
var messageObj = {my_message: message};\
var stringifiedMessageObj = JSON.stringify(messageObj);\
webkit.messageHandlers.cordova_iab.postMessage(stringifiedMessageObj);"
});
$('#status-message').text("");
inAppBrowserRef.show();
}
}
function loadErrorCallBack(params) {
$('#status-message').text("");
var scriptErrorMesssage =
"alert('Sorry we cannot open that page. Message from the server is : "
+ params.message + "');"
inAppBrowserRef.executeScript({ code: scriptErrorMesssage }, executeScriptCallBack);
inAppBrowserRef.close();
inAppBrowserRef = undefined;
}
function executeScriptCallBack(params) {
if (params[0] == null) {
$('#status-message').text(
"Sorry we couldn't open that page. Message from the server is : '"
+ params.message + "'");
}
}
function beforeloadCallBack(params, callback) {
if (params.url.startsWith("http://www.example.com/")) {
// Load this URL in the inAppBrowser.
callback(params.url);
} else {
// The callback is not invoked, so the page will not be loaded.
$('#status-message').text("This browser only opens pages on http://www.example.com/");
}
}
function messageCallBack(params){
$('#status-message').text("message received: "+params.data.my_message);
}
Whenever the InAppBrowser receives or locates to a url which leads in downloading a file, the callback assigned to the "download" event is called. The parameter passed to this callback is an object with the the following properties
function downloadListener(params){
var url = params.url;
var mimetype = params.mimetype;
var xhr = new XMLHttpRequest();
xhr.open("GET", params.url);
xhr.onload = function() {
var content = xhr.responseText;
};
xhr.send();
}
loadstart
, loadstop
, loaderror
, message
or exit
. (String)loaderror
. (Number)loaderror
. (String)message
. A stringified JSON object. (String)loadstart
, loaderror
, message
events are not fired.
var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'location=yes');
ref.addEventListener('loadstart', function(event) { alert(event.url); });
Removes a listener for an event from the
InAppBrowser
. (Only available when the target is set to'_blank'
)
ref.removeEventListener(eventname, callback);
ref: reference to the InAppBrowser
window. (InAppBrowser)
eventname: the event to stop listening for. (String)
InAppBrowser
starts to load a URL.InAppBrowser
finishes loading a URL.InAppBrowser
encounters an error loading a URL.InAppBrowser
window is closed.InAppBrowser
receives a message posted from the page loaded inside the InAppBrowser
Webview.InAppBrowser
loads a URL that leads in downloading of a file.callback: the function to execute when the event fires.
The function is passed an InAppBrowserEvent
object.
var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'location=yes');
var myCallback = function(event) { alert(event.url); }
ref.addEventListener('loadstart', myCallback);
ref.removeEventListener('loadstart', myCallback);
Closes the
InAppBrowser
window.
ref.close();
InAppBrowser
window (InAppBrowser)var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'location=yes');
ref.close();
Displays an InAppBrowser window that was opened hidden. Calling this has no effect if the InAppBrowser was already visible.
ref.show();
InAppBrowser
)var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'hidden=yes');
// some time later...
ref.show();
Hides the InAppBrowser window. Calling this has no effect if the InAppBrowser was already hidden.
ref.hide();
InAppBrowser
)var ref = cordova.InAppBrowser.open('https://apache.org', '_blank');
// some time later...
ref.hide();
Injects JavaScript code into the
InAppBrowser
window. (Only available when the target is set to'_blank'
)
ref.executeScript(details, callback);
ref: reference to the InAppBrowser
window. (InAppBrowser)
injectDetails: details of the script to run, specifying either a file
or code
key. (Object)
callback: the function that executes after the JavaScript code is injected.
code
, the callback executes
with a single parameter, which is the return value of the
script, wrapped in an Array
. For multi-line scripts, this is
the return value of the last statement, or the last expression
evaluated.var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'location=yes');
ref.addEventListener('loadstop', function() {
ref.executeScript({file: "myscript.js"});
});
Injects CSS into the
InAppBrowser
window. (Only available when the target is set to'_blank'
)
ref.insertCSS(details, callback);
ref: reference to the InAppBrowser
window (InAppBrowser)
injectDetails: details of the script to run, specifying either a file
or code
key. (Object)
callback: the function that executes after the CSS is injected.
var ref = cordova.InAppBrowser.open('https://apache.org', '_blank', 'location=yes');
ref.addEventListener('loadstop', function() {
ref.insertCSS({file: "mystyles.css"});
});
__
You can use this plugin to show helpful documentation pages within your app. Users can view online help documents and then close them without leaving the app.
Here's a few snippets that show how you do this.
There's lots of ways to do this in your app. A drop down list is a simple way to do that.
<select id="help-select">
<option value="default">Need help?</option>
<option value="article">Show me a helpful article</option>
<option value="video">Show me a helpful video</option>
<option value="search">Search for other topics</option>
</select>
Gather the users choice in the onDeviceReady
function of the page and then send an appropriate URL to a helper function in some shared library file. Our helper function is named showHelp()
and we'll write that function next.
$('#help-select').on('change', function (e) {
var url;
switch (this.value) {
case "article":
url = "https://cordova.apache.org/docs/en/latest/"
+ "reference/cordova-plugin-inappbrowser/index.html";
break;
case "video":
url = "https://youtu.be/F-GlVrTaeH0";
break;
case "search":
url = "https://www.google.com/#q=inAppBrowser+plugin";
break;
}
showHelp(url);
});
We'll use the open
function to load the help page. We're setting the hidden
property to yes
so that we can show the browser only after the page content has loaded. That way, users don't see a blank browser while they wait for content to appear. When the loadstop
event is raised, we'll know when the content has loaded. We'll handle that event shortly.
function showHelp(url) {
var target = "_blank";
var options = "location=yes,hidden=yes";
inAppBrowserRef = cordova.InAppBrowser.open(url, target, options);
inAppBrowserRef.addEventListener('loadstart', loadStartCallBack);
inAppBrowserRef.addEventListener('loadstop', loadStopCallBack);
inAppBrowserRef.addEventListener('loaderror', loadErrorCallBack);
}
Because the browser doesn't immediately appear, we can use the loadstart
event to show a status message, progress bar, or other indicator. This assures users that content is on the way.
function loadStartCallBack() {
$('#status-message').text("loading please wait ...");
}
When the loadstopcallback
event is raised, we know that the content has loaded and we can make the browser visible. This sort of trick can create the impression of better performance. The truth is that whether you show the browser before content loads or not, the load times are exactly the same.
function loadStopCallBack() {
if (inAppBrowserRef != undefined) {
inAppBrowserRef.insertCSS({ code: "body{font-size: 25px;}" });
$('#status-message').text("");
inAppBrowserRef.show();
}
}
You might have noticed the call to the insertCSS
function. This serves no particular purpose in our scenario. But it gives you an idea of why you might use it. In this case, we're just making sure that the font size of your pages have a certain size. You can use this function to insert any CSS style elements. You can even point to a CSS file in your project.
Sometimes a page no longer exists, a script error occurs, or a user lacks permission to view the resource. How or if you handle that situation is completely up to you and your design. You can let the browser show that message or you can present it in another way.
We'll try to show that error in a message box. We can do that by injecting a script that calls the alert
function. That said, this won't work in browsers on Windows devices so we'll have to look at the parameter of the executeScript
callback function to see if our attempt worked. If it didn't work out for us, we'll just show the error message in a <div>
on the page.
function loadErrorCallBack(params) {
$('#status-message').text("");
var scriptErrorMesssage =
"alert('Sorry we cannot open that page. Message from the server is : "
+ params.message + "');"
inAppBrowserRef.executeScript({ code: scriptErrorMesssage }, executeScriptCallBack);
inAppBrowserRef.close();
inAppBrowserRef = undefined;
}
function executeScriptCallBack(params) {
if (params[0] == null) {
$('#status-message').text(
"Sorry we couldn't open that page. Message from the server is : '"
+ params.message + "'");
}
}
var iab = cordova.InAppBrowser;
iab.open('local-url.html'); // loads in the Cordova WebView
iab.open('local-url.html', '_self'); // loads in the Cordova WebView
iab.open('local-url.html', '_system'); // Security error: system browser, but url will not load (iOS)
iab.open('local-url.html', '_blank'); // loads in the InAppBrowser
iab.open('local-url.html', 'random_string'); // loads in the InAppBrowser
iab.open('local-url.html', 'random_string', 'location=no'); // loads in the InAppBrowser, no location bar
var iab = cordova.InAppBrowser;
iab.open('https://whitelisted-url.com'); // loads in the Cordova WebView
iab.open('https://whitelisted-url.com', '_self'); // loads in the Cordova WebView
iab.open('https://whitelisted-url.com', '_system'); // loads in the system browser
iab.open('https://whitelisted-url.com', '_blank'); // loads in the InAppBrowser
iab.open('https://whitelisted-url.com', 'random_string'); // loads in the InAppBrowser
iab.open('https://whitelisted-url.com', 'random_string', 'location=no'); // loads in the InAppBrowser, no location bar
var iab = cordova.InAppBrowser;
iab.open('https://url-that-fails-whitelist.com'); // loads in the InAppBrowser
iab.open('https://url-that-fails-whitelist.com', '_self'); // loads in the InAppBrowser
iab.open('https://url-that-fails-whitelist.com', '_system'); // loads in the system browser
iab.open('https://url-that-fails-whitelist.com', '_blank'); // loads in the InAppBrowser
iab.open('https://url-that-fails-whitelist.com', 'random_string'); // loads in the InAppBrowser
iab.open('https://url-that-fails-whitelist.com', 'random_string', 'location=no'); // loads in the InAppBrowser, no location bar
FAQs
Cordova InAppBrowser Plugin
The npm package @hzab/cordova-plugin-inappbrowser receives a total of 2 weekly downloads. As such, @hzab/cordova-plugin-inappbrowser popularity was classified as not popular.
We found that @hzab/cordova-plugin-inappbrowser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.