Android JavaScript autocomplete form WebView

Question

With this code, I can easily paste username and password automatically on facebook.com
The purpose is to automatically paste username and password for each site chosen by the user. Many apps do it, but I have not found the way. Thanks for your help

@Override
public void onPageFinished(WebView view, String url) {
    super.onPageFinished(view, url);
    progressBar.setVisibility(View.GONE);
    String user = "user";
    String pwd = "pass";
    view.loadUrl("javascript:(function(){document.getElementsByName('email')[0].value='"
            + user
            + "';document.getElementsByName('pass')[0].value='"
            + pwd + "';document.getElementsByTagName('form')[0];})()");
}

Answer 1

Like Speditz said not every login page uses the same name / id element.

In general, most of the websites either use type="email" or type="text" for username, type="password" for password to login, and you can do some field existence checking and perform injection after webpage loaded

view.loadUrl(
    "javascript:window.onload= (function(){"
    + "var selectElementName = document.querySelector('input[type=\"email\"]');"
    +"if(selectElementName){selectElementName.value =  \"" + user + "\";}"
    +"var selectElementName = document.querySelector('input[type=\"text\"]');"
    +"if(selectElementName){selectElementName.value =  \"" + user + "\";}"
    +"var selectElementpassword = document.querySelector('input[type=\"password\"]');"
    +"if(selectElementpassword){selectElementpassword.value =  \"" + pwd + "\";}"
    +"})();"
);

And this is above JavaScript in plain text for easier to understand:

window.onload= function(){

            var selectElementName = document.querySelector('input[type="email"]');
            if(selectElementName){selectElementName.value =  "username";}

            var selectElementName = document.querySelector('input[type="text"]');
            if(selectElementName){selectElementName.value =  "username";}

            var selectElementpassword = document.querySelector('input[type="password"]');
            if(selectElementpassword){selectElementpassword.value =  "password";}
 };

Answer 2

Your code currently works in facebook.com. But when introducing multiple sites, you should implement URL check for those specific sites, because you should not run all the possible scripts on your WebView with all the usernames and passwords. e.g

if(url.contains("facebook.com")){ your facebook username & password injection code here }

Multiple scrips come from the fact that not every page uses the same element names / IDs for login elements.

If you want it to work on other sites you need to have those sites separately checked and defined(inside your app) to see what names / IDs the elements use (to my knowledge there is no way to find login forms automatically from different sites) and then making same type of injections for each site.

As extra tip you could also simplify your JavaScript because you are probably not calling the function again inside the same page load.

view.loadUrl("javascript:document.getElementsByName('email')[0].value='"+ user+ "';document.getElementsByName('pass')[0].value='"+ pwd + "';document.getElementsByTagName('form')[0];");