For the More Curious: Injecting JavaScript Objects

In this chapter, you have seen how to use WebViewClient and WebChromeClient to respond to specific events that happen in your WebView. However, it is possible to do even more by injecting arbitrary JavaScript objects into the document contained in the WebView itself. Check out the documentation at developer.android.com/reference/android/webkit/WebView.html and scroll down to the addJavascriptInterface(Object, String) function. The documentation uses Java method signatures, but remember that Object is equivalent to Any in Kotlin. Using this, you can inject an arbitrary object into the document with a name you specify:

    webView.addJavascriptInterface(object : Any() {
        @JavascriptInterface
        fun send(message: String) {
            Log.i(TAG, "Received message: $message")
        }
    }, "androidObject")

And then invoke it like so:

    <input type="button" value="In WebView!"
        onClick="sendToAndroid('In Android land')" />

    <script type="text/javascript">
        function sendToAndroid(message) {
            androidObject.send(message);
        }
    </script>

There are a couple of tricky parts about this. The first is that when you call send(String), the Kotlin function is not called on the main thread. It is called on a thread owned by WebView instead. So if you want to update the Android UI, you will need to use a Handler to pass control back to the main thread.

The other part is that not many data types are supported. You have String, the core primitive types, and that is it. Anything more sophisticated must be marshalled through a String, usually by converting it to JSON before sending and then parsing it out when receiving.

Starting with API 17 (Jelly Bean 4.2), only public functions annotated with @JavascriptInterface are exported to JavaScript. Prior to that, all public functions in the object hierarchy were accessible.

Either way, this could be dangerous. You are letting some potentially strange web page fiddle with your program. So, to be safe, it is a good idea to make sure you own the HTML in question – either that, or be extremely conservative with the interface you expose.
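The three points above (WebView's own thread, String-only marshalling, and a conservative interface) can be combined in one small bridge class. This is an added example, not code from the book: MessageBridge, onMessage, MAX_PAYLOAD_CHARS, the "text" JSON field, and titleView are hypothetical names chosen for illustration.

```kotlin
import android.os.Handler
import android.os.Looper
import android.util.Log
import android.webkit.JavascriptInterface
import org.json.JSONException
import org.json.JSONObject

private const val TAG = "MessageBridge"      // hypothetical log tag
private const val MAX_PAYLOAD_CHARS = 4_096  // assumed cap on accepted input

// Hypothetical bridge: one exported function, a String in, nothing returned to the page.
class MessageBridge(private val onMessage: (String) -> Unit) {
    private val mainHandler = Handler(Looper.getMainLooper())

    @JavascriptInterface
    fun send(payload: String) {
        // Runs on a thread owned by WebView; treat payload as untrusted input.
        if (payload.length > MAX_PAYLOAD_CHARS) {
            Log.w(TAG, "Dropping oversized payload")
            return
        }
        val text = try {
            // Structured data arrives as a JSON string and is parsed here.
            JSONObject(payload).getString("text")
        } catch (e: JSONException) {
            Log.w(TAG, "Dropping malformed payload", e)
            return
        }
        // Hand control back to the main thread before touching the UI.
        mainHandler.post { onMessage(text) }
    }
}

// Registration, under the same name the snippet above uses (titleView is hypothetical):
//     webView.addJavascriptInterface(MessageBridge { text -> titleView.text = text }, "androidObject")
// Page side:
//     androidObject.send(JSON.stringify({ text: "In Android land" }));
```

Because the bridge exposes a single function that accepts only a size-limited, parsed payload and returns nothing, a page you do not control can do little more than change the text it is allowed to set.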
