Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
cordova-plugin-sscinappbrowser
Advanced tools
Android 4.4 | Android 5.1 | Android 6.0 | iOS 9.3 | iOS 10.0 | Windows 10 Store | Travis CI |
---|---|---|---|---|---|---|
You can show helpful articles, videos, and web resources inside of your app. Users can view web pages without leaving your app.
To get a few ideas, check out the sample at the bottom of this page or go straight to the reference content.
This plugin provides a web browser view that displays when calling cordova.InAppBrowser.open()
.
var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');
The cordova.InAppBrowser.open()
function is defined to be a drop-in replacement
for the window.open()
function. Existing window.open()
calls can use the
InAppBrowser window, by replacing window.open:
window.open = cordova.InAppBrowser.open;
The InAppBrowser window behaves like a standard web browser, and can't access Cordova APIs. For this reason, the InAppBrowser is recommended if you need to load third-party (untrusted) content, instead of loading that into the main Cordova webview. The InAppBrowser is not subject to the whitelist, nor is opening links in the system browser.
The InAppBrowser provides by default its own GUI controls for the user (back, forward, done).
For backwards compatibility, this plugin also hooks window.open
.
However, the plugin-installed hook of window.open
can have unintended side
effects (especially if this plugin is included only as a dependency of another
plugin). The hook of window.open
will be removed in a future major release.
Until the hook is removed from the plugin, apps can manually restore the default
behaviour:
delete window.open // Reverts the call back to it's prototype's default
Although window.open
is in the global scope, InAppBrowser is not available until after the deviceready
event.
document.addEventListener("deviceready", onDeviceReady, false);
function onDeviceReady() {
console.log("window.open works well");
}
Report issues with this plugin on the Apache Cordova issue tracker
cordova plugin add cordova-plugin-inappbrowser
If you want all page loads in your app to go through the InAppBrowser, you can
simply hook window.open
during initialization. For example:
document.addEventListener("deviceready", onDeviceReady, false);
function onDeviceReady() {
window.open = cordova.InAppBrowser.open;
}
Opens a URL in a new InAppBrowser
instance, the current browser
instance, or the system browser.
var ref = cordova.InAppBrowser.open(url, target, options);
ref: Reference to the InAppBrowser
window when the target is set to '_blank'
. (InAppBrowser)
url: The URL to load (String). Call encodeURI()
on this if the URL contains Unicode characters.
target: The target in which to load the URL, an optional parameter that defaults to _self
. (String)
_self
: Opens in the Cordova WebView if the URL is in the white list, otherwise it opens in the InAppBrowser
._blank
: Opens in the InAppBrowser
._system
: Opens in the system's web browser.options: Options for the InAppBrowser
. Optional, defaulting to: location=yes
. (String)
The options
string must not contain any blank space, and each feature's name/value pairs must be separated by a comma. Feature names are case insensitive. All platforms support the value below:
yes
or no
to turn the InAppBrowser
's location bar on or off.Android only:
yes
to create the browser and load the page, but not show it. The loadstop event fires when loading is complete. Omit or set to no
(default) to have the browser open and load normally.yes
to have the browser's cookie cache cleared before the new window is openedyes
to have the session cookie cache cleared before the new window is openedyes
to show Android browser's zoom controls, set to no
to hide them. Default value is yes
.yes
to use the hardware back button to navigate backwards through the InAppBrowser
's history. If there is no previous page, the InAppBrowser
will close. The default value is yes
, so you must set it to no
if you want the back button to simply close the InAppBrowser.yes
to prevent HTML5 audio or video from autoplaying (defaults to no
).yes
to make InAppBrowser WebView to pause/resume with the app to stop background audio (this may be required to avoid Google Play issues like described in CB-11013).no
, the layout width is always set to the width of the WebView control in device-independent (CSS) pixels. When the value is yes
and the page contains the viewport meta tag, the value of the width specified in the tag is used. If the page does not contain the tag or does not provide a width, then a wide viewport will be used. (defaults to yes
).iOS only:
yes
or no
(default is no
). Turns on/off the UIWebViewBounce property.yes
to create the browser and load the page, but not show it. The loadstop event fires when loading is complete. Omit or set to no
(default) to have the browser open and load normally.yes
to have the browser's cookie cache cleared before the new window is openedyes
to have the session cookie cache cleared before the new window is openedyes
or no
to turn the toolbar on or off for the InAppBrowser (defaults to yes
)yes
or no
to prevent viewport scaling through a meta tag (defaults to no
).yes
to prevent HTML5 audio or video from autoplaying (defaults to no
).yes
or no
to allow in-line HTML5 media playback, displaying within the browser window rather than a device-specific playback interface. The HTML's video
element must also include the webkit-playsinline
attribute (defaults to no
)yes
or no
to open the keyboard when form elements receive focus via JavaScript's focus()
call (defaults to yes
).yes
or no
to wait until all new view content is received before being rendered (defaults to no
).pagesheet
, formsheet
or fullscreen
to set the presentation style (defaults to fullscreen
).fliphorizontal
, crossdissolve
or coververtical
to set the transition style (defaults to coververtical
).top
or bottom
(default is bottom
). Causes the toolbar to be at the top or bottom of the window.Windows only:
yes
to create the browser and load the page, but not show it. The loadstop event fires when loading is complete. Omit or set to no
(default) to have the browser open and load normally.yes
to create the browser control without a border around it. Please note that if location=no is also specified, there will be no control presented to user to close IAB window.var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');
var ref2 = cordova.InAppBrowser.open(encodeURI('http://ja.m.wikipedia.org/wiki/ハングル'), '_blank', 'location=yes');
As plugin doesn't enforce any design there is a need to add some CSS rules if
opened with target='_blank'
. The rules might look like these
.inAppBrowserWrap {
background-color: rgba(0,0,0,0.75);
color: rgba(235,235,235,1.0);
}
.inAppBrowserWrap menu {
overflow: auto;
list-style-type: none;
padding-left: 0;
}
.inAppBrowserWrap menu li {
font-size: 25px;
height: 25px;
float: left;
margin: 0 10px;
padding: 3px 10px;
text-decoration: none;
color: #ccc;
display: block;
background: rgba(30,30,30,0.50);
}
.inAppBrowserWrap menu li.disabled {
color: #777;
}
At the moment the only supported target in OSX is _system
.
_blank
and _self
targets are not yet implemented and are ignored silently. Pull requests and patches to get these to work are greatly appreciated.
Windows 8.0, 8.1 and Windows Phone 8.1 don't support remote urls to be opened in the Cordova WebView so remote urls are always showed in the system's web browser if opened with target='_self'
.
On Windows 10 if the URL is NOT in the white list and is opened with target='_self'
it will be showed in the system's web browser instead of InAppBrowser popup.
Similar to Firefox OS IAB window visual behaviour can be overridden via inAppBrowserWrap
/inAppBrowserWrapFullscreen
CSS classes
Plugin is implemented via iframe,
Navigation history (back
and forward
buttons in LocationBar) is not implemented.
The object returned from a call to cordova.InAppBrowser.open
when the target is set to '_blank'
.
Adds a listener for an event from the
InAppBrowser
. (Only available when the target is set to'_blank'
)
ref.addEventListener(eventname, callback);
ref: reference to the InAppBrowser
window (InAppBrowser)
eventname: the event to listen for (String)
InAppBrowser
starts to load a URL.InAppBrowser
finishes loading a URL.InAppBrowser
encounters an error when loading a URL.InAppBrowser
window is closed.callback: the function that executes when the event fires. The function is passed an InAppBrowserEvent
object as a parameter.
var inAppBrowserRef;
function showHelp(url) {
var target = "_blank";
var options = "location=yes,hidden=yes";
inAppBrowserRef = cordova.InAppBrowser.open(url, target, options);
inAppBrowserRef.addEventListener('loadstart', loadStartCallBack);
inAppBrowserRef.addEventListener('loadstop', loadStopCallBack);
inAppBrowserRef.addEventListener('loaderror', loadErrorCallBack);
}
function loadStartCallBack() {
$('#status-message').text("loading please wait ...");
}
function loadStopCallBack() {
if (inAppBrowserRef != undefined) {
inAppBrowserRef.insertCSS({ code: "body{font-size: 25px;" });
$('#status-message').text("");
inAppBrowserRef.show();
}
}
function loadErrorCallBack(params) {
$('#status-message').text("");
var scriptErrorMesssage =
"alert('Sorry we cannot open that page. Message from the server is : "
+ params.message + "');"
inAppBrowserRef.executeScript({ code: scriptErrorMesssage }, executeScriptCallBack);
inAppBrowserRef.close();
inAppBrowserRef = undefined;
}
function executeScriptCallBack(params) {
if (params[0] == null) {
$('#status-message').text(
"Sorry we couldn't open that page. Message from the server is : '"
+ params.message + "'");
}
}
type: the eventname, either loadstart
, loadstop
, loaderror
, or exit
. (String)
url: the URL that was loaded. (String)
code: the error code, only in the case of loaderror
. (Number)
message: the error message, only in the case of loaderror
. (String)
loadstart
and loaderror
events are not being fired.
var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');
ref.addEventListener('loadstart', function(event) { alert(event.url); });
Removes a listener for an event from the
InAppBrowser
. (Only available when the target is set to'_blank'
)
ref.removeEventListener(eventname, callback);
ref: reference to the InAppBrowser
window. (InAppBrowser)
eventname: the event to stop listening for. (String)
InAppBrowser
starts to load a URL.InAppBrowser
finishes loading a URL.InAppBrowser
encounters an error loading a URL.InAppBrowser
window is closed.callback: the function to execute when the event fires.
The function is passed an InAppBrowserEvent
object.
var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');
var myCallback = function(event) { alert(event.url); }
ref.addEventListener('loadstart', myCallback);
ref.removeEventListener('loadstart', myCallback);
Closes the
InAppBrowser
window.
ref.close();
InAppBrowser
window (InAppBrowser)var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');
ref.close();
Displays an InAppBrowser window that was opened hidden. Calling this has no effect if the InAppBrowser was already visible.
ref.show();
InAppBrowser
)var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'hidden=yes');
// some time later...
ref.show();
Hides the InAppBrowser window. Calling this has no effect if the InAppBrowser was already hidden.
ref.hide();
InAppBrowser
)var ref = cordova.InAppBrowser.open('http://apache.org', '_blank');
// some time later...
ref.hide();
Injects JavaScript code into the
InAppBrowser
window. (Only available when the target is set to'_blank'
)
ref.executeScript(details, callback);
ref: reference to the InAppBrowser
window. (InAppBrowser)
injectDetails: details of the script to run, specifying either a file
or code
key. (Object)
callback: the function that executes after the JavaScript code is injected.
code
, the callback executes
with a single parameter, which is the return value of the
script, wrapped in an Array
. For multi-line scripts, this is
the return value of the last statement, or the last expression
evaluated.var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');
ref.addEventListener('loadstop', function() {
ref.executeScript({file: "myscript.js"});
});
Due to MSDN docs the invoked script can return only string values, otherwise the parameter, passed to callback will be [null]
.
Injects CSS into the
InAppBrowser
window. (Only available when the target is set to'_blank'
)
ref.insertCSS(details, callback);
ref: reference to the InAppBrowser
window (InAppBrowser)
injectDetails: details of the script to run, specifying either a file
or code
key. (Object)
callback: the function that executes after the CSS is injected.
var ref = cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');
ref.addEventListener('loadstop', function() {
ref.insertCSS({file: "mystyles.css"});
});
__
You can use this plugin to show helpful documentation pages within your app. Users can view online help documents and then close them without leaving the app.
Here's a few snippets that show how you do this.
There's lots of ways to do this in your app. A drop down list is a simple way to do that.
<select id="help-select">
<option value="default">Need help?</option>
<option value="article">Show me a helpful article</option>
<option value="video">Show me a helpful video</option>
<option value="search">Search for other topics</option>
</select>
Gather the users choice in the onDeviceReady
function of the page and then send an appropriate URL to a helper function in some shared library file. Our helper function is named showHelp()
and we'll write that function next.
$('#help-select').on('change', function (e) {
var url;
switch (this.value) {
case "article":
url = "https://cordova.apache.org/docs/en/latest/"
+ "reference/cordova-plugin-inappbrowser/index.html";
break;
case "video":
url = "https://youtu.be/F-GlVrTaeH0";
break;
case "search":
url = "https://www.google.com/#q=inAppBrowser+plugin";
break;
}
showHelp(url);
});
We'll use the open
function to load the help page. We're setting the hidden
property to yes
so that we can show the browser only after the page content has loaded. That way, users don't see a blank browser while they wait for content to appear. When the loadstop
event is raised, we'll know when the content has loaded. We'll handle that event shortly.
function showHelp(url) {
var target = "_blank";
var options = "location=yes,hidden=yes";
inAppBrowserRef = cordova.InAppBrowser.open(url, target, options);
inAppBrowserRef.addEventListener('loadstart', loadStartCallBack);
inAppBrowserRef.addEventListener('loadstop', loadStopCallBack);
inAppBrowserRef.addEventListener('loaderror', loadErrorCallBack);
}
Because the browser doesn't immediately appear, we can use the loadstart
event to show a status message, progress bar, or other indicator. This assures users that content is on the way.
function loadStartCallBack() {
$('#status-message').text("loading please wait ...");
}
When the loadstopcallback
event is raised, we know that the content has loaded and we can make the browser visible. This sort of trick can create the impression of better performance. The truth is that whether you show the browser before content loads or not, the load times are exactly the same.
function loadStopCallBack() {
if (inAppBrowserRef != undefined) {
inAppBrowserRef.insertCSS({ code: "body{font-size: 25px;" });
$('#status-message').text("");
inAppBrowserRef.show();
}
}
You might have noticed the call to the insertCSS
function. This serves no particular purpose in our scenario. But it gives you an idea of why you might use it. In this case, we're just making sure that the font size of your pages have a certain size. You can use this function to insert any CSS style elements. You can even point to a CSS file in your project.
Sometimes a page no longer exists, a script error occurs, or a user lacks permission to view the resource. How or if you handle that situation is completely up to you and your design. You can let the browser show that message or you can present it in another way.
We'll try to show that error in a message box. We can do that by injecting a script that calls the alert
function. That said, this won't work in browsers on Windows devices so we'll have to look at the parameter of the executeScript
callback function to see if our attempt worked. If it didn't work out for us, we'll just show the error message in a <div>
on the page.
function loadErrorCallBack(params) {
$('#status-message').text("");
var scriptErrorMesssage =
"alert('Sorry we cannot open that page. Message from the server is : "
+ params.message + "');"
inAppBrowserRef.executeScript({ code: scriptErrorMesssage }, executeScriptCallBack);
inAppBrowserRef.close();
inAppBrowserRef = undefined;
}
function executeScriptCallBack(params) {
if (params[0] == null) {
$('#status-message').text(
"Sorry we couldn't open that page. Message from the server is : '"
+ params.message + "'");
}
}
var iab = cordova.InAppBrowser;
iab.open('local-url.html'); // loads in the Cordova WebView
iab.open('local-url.html', '_self'); // loads in the Cordova WebView
iab.open('local-url.html', '_system'); // Security error: system browser, but url will not load (iOS)
iab.open('local-url.html', '_blank'); // loads in the InAppBrowser
iab.open('local-url.html', 'random_string'); // loads in the InAppBrowser
iab.open('local-url.html', 'random_string', 'location=no'); // loads in the InAppBrowser, no location bar
var iab = cordova.InAppBrowser;
iab.open('http://whitelisted-url.com'); // loads in the Cordova WebView
iab.open('http://whitelisted-url.com', '_self'); // loads in the Cordova WebView
iab.open('http://whitelisted-url.com', '_system'); // loads in the system browser
iab.open('http://whitelisted-url.com', '_blank'); // loads in the InAppBrowser
iab.open('http://whitelisted-url.com', 'random_string'); // loads in the InAppBrowser
iab.open('http://whitelisted-url.com', 'random_string', 'location=no'); // loads in the InAppBrowser, no location bar
var iab = cordova.InAppBrowser;
iab.open('http://url-that-fails-whitelist.com'); // loads in the InAppBrowser
iab.open('http://url-that-fails-whitelist.com', '_self'); // loads in the InAppBrowser
iab.open('http://url-that-fails-whitelist.com', '_system'); // loads in the system browser
iab.open('http://url-that-fails-whitelist.com', '_blank'); // loads in the InAppBrowser
iab.open('http://url-that-fails-whitelist.com', 'random_string'); // loads in the InAppBrowser
iab.open('http://url-that-fails-whitelist.com', 'random_string', 'location=no'); // loads in the InAppBrowser, no location bar
FAQs
Cordova InAppBrowser Plugin
The npm package cordova-plugin-sscinappbrowser receives a total of 0 weekly downloads. As such, cordova-plugin-sscinappbrowser popularity was classified as not popular.
We found that cordova-plugin-sscinappbrowser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.