imToken For Developers
English
English
  • Introduction
  • products
    • WebView
      • Development Guide for imToken DApp
      • RPC Methods
      • Compatibility
      • Preload URL Options
      • SDK APIs
      • Release changes
    • Universal Links
    • Deep Linking
  • References
    • imToken Brand Guide
    • dapp-sdk
    • tokenlon-onboarding
    • tokenlon-mmsk
    • tokenlon-mmproxy
    • tokenlon-jssdk
    • tokenlon-open-api
Powered by GitBook
On this page
  • Basic
  • Security
  • HTTPS
  • Permission
  • Links
  • Compatibility
  • Blob Protocol
  • Cyclic Object Parse

Was this helpful?

  1. products
  2. WebView

Compatibility

Introduction to WebView Boundaries and Compatibility.

PreviousRPC MethodsNextPreload URL Options

Last updated 4 years ago

Was this helpful?

Basic

imToken WebView uses the browser kernel that comes with the user's mobile device by default, we do not modify, hack or replace the kernel with any other open-source kernel. The behavior of parsing and rendering Web pages within the WebView is always consistent with the user's mobile device.

The default kernel for iOS is WKWebView and for Android is chromium (>4.4) / Android WebKit (<4.4). (the kernel on the Android platform may also depend on the user's system)

Consistent behavior of fonts, icons, and other resources with the default browser.

Security

imToken WebView does not sniff, hijack, or alter any internal Web pages. likewise, we do not adopt third-party page content to expand platform compatibility. If you think your web application needs better compatibility or to fix an issue, you will need to change the content on the web and republish it yourself. (for example, add compatibility shims.)

HTTPS

HTTPS is required by default.

If your site lacks an HTTPS certificate, users will receive a security risk alert by default when opening it in imToken WebView. For more information on how to add a HTTPS certificate to your site, please refer to this .

Permission

When your application needs to obtain a user's address (or others), imToken initiates a permission request to the user by default, the success of which depends on the user's actions.

The imToken application does not inject any user-related content into the WebView.

Links

If you don't want the link to open in the user's system browser after clicking it, you should avoid using target="_blank".

Compatibility

Blob Protocol

The current imToken application does not support downloading or saving data using the blob protocol on the Android platform.

Cyclic Object Parse

The imToken WebView will not help you with additional processing of cyclic object parsing, if the Web page contains circular references, WebView will simply throw an error.

In the Android platform, if your app is using target="_blank" or any action with similar behavior (e.g. window.open), the page will be opened externally using the system default browser. This is to avoid possible .

You can refer to the to solve issues.

Document
XSS vulnerabilities in the Android platform
MDN Documentation