WebView URL filtering #3442
WebView URL filtering #3442
Conversation
* implented on_navigation_started for android * extended the webview example
* applied black
freakboy3742
left a comment
freakboy3742
left a comment
There was a problem hiding this comment.
Thanks for the PR; I've flagged a few issues inline, and the test suite is obviously failing on most platforms (although it looks like the reason for the failure is something that won't be an issue once you've addressed one of the comments inline).
core/src/toga/widgets/webview.py
Outdated
| url: str | None = None, | ||
| content: str | None = None, | ||
| user_agent: str | None = None, | ||
| on_navigation_starting=None, |
There was a problem hiding this comment.
This needs a type declaration (if only for documentation purposes)
There was a problem hiding this comment.
OK, added type declaration
| allow = False | ||
| message = f"Navigation not allowed to: {url}" | ||
| dialog = toga.InfoDialog("on_navigation_starting()", message) | ||
| asyncio.create_task(self.dialog(dialog)) |
There was a problem hiding this comment.
It might be easier to make on_navigation_starting an async callback, and then await the response.
There was a problem hiding this comment.
The example app now has both, a synchronous and an async handler
| event = TogaNavigationEvent(webresourcerequest) | ||
| allow = self.webview_impl.interface.on_navigation_starting( | ||
| webresourcerequest.getUrl().toString() | ||
| ) |
There was a problem hiding this comment.
I haven't checked, but this could be a problem if on_navigation_starting is an async callback, because the returned value will be a future.
examples/webview/webview/app.py
Outdated
| style=Pack(flex=1), | ||
| ) | ||
| # activate web navigation filtering on supported platforms | ||
| if getattr(self.webview._impl, "SUPPORTS_ON_NAVIGATION_STARTING", True): |
There was a problem hiding this comment.
Good instinct, but it's fine for the example to raise a warning if a feature isn't available.
| def winforms_navigation_starting(self, sender, event): | ||
| # print(f"winforms_navigation_starting: {event.Uri}") | ||
| if self.interface.on_navigation_starting: | ||
| allow = self.interface.on_navigation_starting(event.Uri) |
There was a problem hiding this comment.
As with the Android version, this needs to handle a Future being returned.
There was a problem hiding this comment.
I'm not quite sure, how to do this. Is there a similar case in the code base where I could get some inspiration?
|
@freakboy3742 I wonder if it is possible to make the on_navigation_starting handler async when it is being called by a native event. Aren't those native events always synchronous? |
Yes, native event handlers are always synchronous - but Toga events must be able to be defined asynchronously. That's why they return a future; we need to make sure that if a future is returned, we wait for that future. |
* added type declaration for handler * added WeakrefCallable wrapper
…_navigation_starting handlers
|
@freakboy3742 I implemented support for synchronous and asynchronous on_navigation_starting handlers for Windows. The code still contains a lot of print statements for easier debugging. If you approve of this approach, I'll implement something similar for Android and clean up the code. |
freakboy3742
left a comment
freakboy3742
left a comment
There was a problem hiding this comment.
I'm not sure I understand the approach you've taken here.
Firstly, I'm not sure why the cached "allowed" and "not allowed" URL lists is required. It seems to undermine the ability to make per-request based decisions on whether a navigation is required, which is the point of having a callback.
Secondly, the general approach of "if async, cancel the request, and force a URL load if the async result succeeds" makes sense, but the way it gets to the actual resolution seems... convoluted.
wrapped_handler takes a function or co-routine, and guarantees that it will be invoked on the event loop. It already has a an existing cleanup method that can be used to attach "on completion" logic. There's no need to have a whole standalone "attach completion callback to result" handler - it can be baked into the cleanup method when the handler is installed.
|
@freakboy3742 The "allowed" and "not allowed" lists are meant to cache the user's decision whether to allow the URL or not. I think, the user will not want to be asked for the same URL again and again. As for setting the callback method: I didn't realize that wrapped_handler already has the "on completion" functionality. I'll rewrite the code and use the cleanup method. |
|
We could make it configurable whether the user's decisions should be saved, for example by setting WebView.save_user_url_permissions=True before setting the on_navigation_starting handler. What do you think? Should the default be True or False? |
I see no practical use for that API. A method that returns If the intention is to allow user interaction on specific URLs, and cache answers - that's a decision the developer can make if that feature makes sense to have in an app. If nothing else, any caching scheme like that would need to have stored user preferences, a user-clearable cache, and more - so having it baked into Toga seems like massive overreach. |
|
@freakboy3742 I refactored and simplified the Winforms code by using the cleanup method of wrapped_handler |
freakboy3742
left a comment
freakboy3742
left a comment
There was a problem hiding this comment.
This looks a lot better. There's obviously still a lot of debug to clean up, and I've flagged one way to clean up the cleanup handler even more - but the bones of this are lot closer to something I can see being merged.
The one big outstanding question is the need for the staticProxy on WebView, and whether there's any way to make this opt-in if you want navigation callbacks.
core/src/toga/widgets/webview.py
Outdated
|
|
||
| def on_navigation_starting_callback(self, widget, result): | ||
| try: | ||
| url = widget._requested_url |
There was a problem hiding this comment.
I'm pretty sure this wouldn't be needed if this callback method was an inner method inside on_navigation_starting. That way, it could; be a closure over the url argument. See how Window.on_close is implemented - that inner cleanup method is a closure over handler.
|
@freakboy3742 I defined on_navigation_starting cleanup method as an inner method, but the url parameter is always None inside cleanup. Is there something wrong with how I changed the code? The webview._requested_url is still there and set, but not used anymore. I will remove it when the url parameter is working, but currently I don't see how to make it work without webview._requested_url |
Ah - on closer inspection - the So - I suspect what is needed here is a modification to |
How would this change help me? The cleanup method is also set when setting the on_navigation_handler. At this point, the url to be checked is not known yet. The url is only known, when the on_navigation_handler is actually called from the native event. Or do I misunderstand something here? |
What I'm saying is that |
|
@freakboy3742 I now modified wrapped_handler and handler_with_cleanup to pass the kwargs to the cleanup method. I am not sure if the change in wrapped_handler is really needed. It's the change in handler_with_cleanup which is important. But for consistency reasons, I also made the change in wrapped_handler. The URL filtering now works fine with synchronous and asynchronous handlers. The current example code uses the asynchronous handler. The code still contains a lot of debugging output. If you generally approve of the way taken to implement the URL filtering, I will cleanup the code and finalise the PR. |
|
Thanks for those updates; four things that stood out:
There's also the outstanding question from a past review; the answer to that question will be fairly significant on whether this PR can be landed at all. |
|
@freakboy3742 Here's the answer to the outstanding question regarding Android: This error is shown in the log on app start: So, we cannot merge this PR until Toga itself can declare a list of classes that need a static proxy. How do we proceed? Should I remove the changes in Android and just finalize the PR for winforms? |
Ok - that's going to be a blocker then. We can't add code to the definition of WebView that prevents an Android app from working at all.
It sounds like we might need to take that approach. Android's WebView is already missing features because of the need for a static proxy (there's no Working out how to represent the |
|
chaquo/chaquopy#881 covers the general issue. For this PR, I think it should be possible to make the Android feature conditional on the |
|
@mhsmith Many thanks for your response! Following your advice, I now moved the class TogaWebClient(static_proxy(WebViewClient)) into a separate module and I import it like this: This now works with and without the staticProxy setting in pyproject.toml :-) But the webview example works (without the URL filtering) I will now add the async handler for Android as well, clean up the code and add tests for the changed cleanup handler. |
…yproject.toml * improve docstring for on_navigation_starting * updated app.py to include the latest changes from main
freakboy3742
left a comment
freakboy3742
left a comment
There was a problem hiding this comment.
A few comments inline
- The documentation for WebView will need to detail the requirements of the Android implementation.
- At the risk of engaging in scope creep - the reason Android doesn't support on_webview_load handlers is that we didn't have a static proxy for the client; if we're able to overcome this now as an optional thing, we might as well add that feature while we're at it.
- The testbed app will also need the static declaration, and tests to give coverage.
Regarding the tests for dummy; we need to add a "faked" implementation of URL navigation blocking. We don't need to actually load a URL - we just need to track which URL has been loaded; and provide the hooks in the backend to not load if the navigation handler rejects the request. The tests then exercise all the relevant cases - at a first pass, that's:
- no handler
- a sync handler that returns True
- a sync handler that returns False
- an async handler that returns True
- an async handler that returns False
There may be some others to cover edge cases of error handling.
| return False | ||
|
|
||
|
|
||
| # TogaWebClient |
There was a problem hiding this comment.
It's part of my personal coding style (it marks the end of the class code)
I removed the line
| from .webview_static_proxy import TogaWebClient | ||
|
|
||
| client = TogaWebClient(self) | ||
| except BaseException: |
There was a problem hiding this comment.
This seems like an oddly low-level exception to be raising - is there nothing more specific we can catch?
There was a problem hiding this comment.
FYI: Java exceptions can be imported with a from ... import statement and then used in an except statement just like a Python exception.
There was a problem hiding this comment.
I replaced it with an explicit NoClassDefFoundError
| msg = "chaquopy.defaultConfig.staticProxy" | ||
| msg += '("toga_android.widgets.webview_static_proxy") ' | ||
| msg += 'missing in pyproject.toml section "build_gradle_extra_content"\n' | ||
| msg += "on_navigation_starting handler is therefore not available" |
There was a problem hiding this comment.
A multiline-string would be a better option here; see how GTK's webview handles similar long strings.
However, it would also be preferable to only output this warning if the user actually has an on_navigation_starting handler. Outputting the message when the handler is set would make more sense to me.
core/src/toga/handlers.py
Outdated
| if cleanup: | ||
| try: | ||
| cleanup(interface, result) | ||
| cleanup(interface, result, **kwargs) |
There was a problem hiding this comment.
It occurs to me that we should probably be including *args as well here.
core/src/toga/widgets/webview.py
Outdated
|
|
||
| # If URL is allowed by user interaction or user on_navigation_starting | ||
| # handler, the count will be set to 0 | ||
| self._url_count = 0 |
There was a problem hiding this comment.
I'm confused why this is a "count". All the uses are a simple boolean, not "counting" anything.
There was a problem hiding this comment.
OK, changed to boolean
core/src/toga/widgets/webview.py
Outdated
| return await loaded_future | ||
|
|
||
| @property | ||
| def on_navigation_starting(self): |
There was a problem hiding this comment.
| def on_navigation_starting(self): | |
| def on_navigation_starting(self) -> OnNavigationStartingHandler: |
core/src/toga/widgets/webview.py
Outdated
| :returns: The function ``callable`` that is called by this navigation event. |
There was a problem hiding this comment.
We don't need to document the return value; that's part of the type declaration for properties.
| :returns: The function ``callable`` that is called by this navigation event. |
core/src/toga/widgets/webview.py
Outdated
| msg = f"on_navigation_starting.cleanup, url={url}, " | ||
| msg += f"result={str(result)}" | ||
| print(msg) |
There was a problem hiding this comment.
I'm assuming this is stray debug.
| msg = f"on_navigation_starting.cleanup, url={url}, " | |
| msg += f"result={str(result)}" | |
| print(msg) |
There was a problem hiding this comment.
Yes, and there are a lot more debugging prints. I'll remove them when everything is working as expected.
There was a problem hiding this comment.
Now removed all debugging prints
|
@mhsmith What is the minimal Python Exception/Error that needs to be catched to handle Java ClassNotFoundException? I tried AttributeError and that did not catch the Java Exception |
|
Like this: from java.lang import NoClassDefFoundError
try:
...
except NoClassDefFoundError:
... |
|
@mhsmith Thank you, I'll try this |
* fixed too long lines * set asynchronous handler in example app
* adjusted WebView documentation for Android's staticProxy * added Android staticProxy for testbed application * removed debugging prints
3 participants
This PR aims to implement URL filtering for WebView on Windows and Android.
Possible use cases are:
PR Checklist: