# Compatibility

## Basic

imToken WebView uses the browser kernel that comes with the user's mobile device by default, we do not modify, hack or replace the kernel with any other open-source kernel. The behavior of parsing and rendering Web pages within the WebView is always consistent with the user's mobile device.

The default kernel for iOS is WKWebView and for Android is chromium (>4.4) / Android WebKit (<4.4). (the kernel on the Android platform may also depend on the user's system)

Consistent behavior of fonts, icons, and other resources with the default browser.

## Security

imToken WebView does not sniff, hijack, or alter any internal Web pages. likewise, **we do not adopt third-party page content to expand platform compatibility**. If you think your web application needs better compatibility or to fix an issue, you will need to change the content on the web and republish it yourself. (for example, add compatibility shims.)

### HTTPS

`HTTPS` is required by default.

If your site lacks an `HTTPS` certificate, users will receive a security risk alert by default when opening it in imToken WebView. For more information on how to add a `HTTPS` certificate to your site, please refer to this [Document](https://developers.google.com/search/docs/advanced/security/https).

### Permission

When your application needs to obtain a user's address (or others), imToken initiates a permission request to the user by default, the success of which depends on the user's actions.

The imToken application does not inject any user-related content into the WebView.

### Links

In the Android platform, if your app is using `target="_blank"` or any action with similar behavior (e.g. `window.open`), the page will be opened externally using the system default browser. This is to avoid possible [XSS vulnerabilities in the Android platform](https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/).

If you don't want the link to open in the user's system browser after clicking it, you should avoid using `target="_blank"`.

## Compatibility

### Blob Protocol

The current imToken application does not support downloading or saving data using the `blob` protocol on the Android platform.

### Cyclic Object Parse

The imToken WebView will not help you with additional processing of cyclic object parsing, if the Web page contains circular references, WebView will simply throw an error.

You can refer to the [MDN Documentation](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Cyclic_object_value) to solve issues.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://imtoken.gitbook.io/developers/products/webview/compatibility.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.