Add note to prefer web::WebFrame API over WebState::ExecuteJavaScript.

Bug: 905939 Change-Id: Iae8ed5b83aa8bb384ed2c8e65f345547f188a986 Reviewed-on: https://chromium-review.googlesource.com/c/1357382Reviewed-by: Eugene But <eugenebut@chromium.org> Commit-Queue: Mike Dougherty <michaeldo@chromium.org> Cr-Commit-Position: refs/heads/master@{#613217}

Add note to prefer web::WebFrame API over WebState::ExecuteJavaScript.
Bug: 905939 Change-Id: Iae8ed5b83aa8bb384ed2c8e65f345547f188a986 Reviewed-on: https://chromium-review.googlesource.com/c/1357382Reviewed-by: Eugene But <eugenebut@chromium.org> Commit-Queue: Mike Dougherty <michaeldo@chromium.org> Cr-Commit-Position: refs/heads/master@{#613217}
31e7159a · Mike Dougherty · Commit Bot · 645bcff8 · 31e7159a
Commit 31e7159a authored Dec 03, 2018 by Mike Dougherty Committed by Commit Bot Dec 03, 2018
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

ios/web/public/web_state/web_state.h ios/web/public/web_state/web_state.h +5 -0

No files found.
--- a/ios/web/public/web_state/web_state.h
+++ b/ios/web/public/web_state/web_state.h
@@ -153,6 +153,11 @@ class WebState : public base::SupportsUserData {
  // Gets the CRWJSInjectionReceiver associated with this WebState.
  virtual CRWJSInjectionReceiver* GetJSInjectionReceiver() const = 0;

+  // DISCOURAGED. Prefer using |WebFrame CallJavaScriptFunction| instead because
+  // it restricts JavaScript execution to functions within __gCrWeb and can also
+  // call those functions on any frame in the page. ExecuteJavaScript here can
+  // execute arbitrary JavaScript code, which is not as safe and is retricted to
+  // executing only on the main frame.
  // Runs JavaScript in the main frame's context. If a callback is provided, it
  // will be used to return the result, when the result is available or script
  // execution has failed due to an error.