8 Commits

Author SHA1 Message Date
Lorenzo Sciandra 194c6a2335
feat(android): Introduce setSupportMultipleWindows to mitigate CVE-2020-6506 (#1747 by @mrcoinbase and @kelset -- THANK YOU!)
BREAKING CHANGE:

This release introduces the `setSupportMultipleWindows` prop for Android. This sets the underlying Android WebView setting `setSupportMultipleWindows`. This prop defaults to `true` (previously `false`), and serves to mitigate the security advisory [CVE-2020-6506](https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg).

The primary way this new behavior changes existing React Native WebView implementations on Android is that links that open in new tabs/windows (such as `<a target="_blank">`) will now prompt to open in the system browser, rather than re-using the current WebView.

If this behavior is not desirable, you can set this new prop to `false`, but be aware that this exposes your app to the security vulnerability listed above. Make sure you have read and understand the whole advisory and relevant links.

iOS & Windows are unaffected.

```jsx
<WebView
  // ...
  setSupportMultipleWindows={true} // default: true
/>
```

Thanks to @mrcoinbase, @kelset, and @Titozzz for their work on this.
2020-11-24 09:15:19 -08:00
Tero Paananen b930e25a8f
feat(windows): JS-WebView messaging bridge & multiple WebViews fixes (#1617)
* Manage to build webview using Visual Studio

* WebView in content of UserControl

* Destructor not needed

* Example app tested

* Add messagingEnabled prop

* WebViewBridge

* Message posting

* Store bridge as instance variable

* Use bridge if messagingEnabled

* Free event delegate

* PostMessage api uses string message

* script.notify() usage removed

* Debug log removed

* Bridge reference added

* Base for web allowed object implemented c++/winrt

* Bridge works

* "Microsoft.Windows.CppWinRT" version="2.0.200729.8"

* Update bridge implementation

* version changes

* Reference fix

* WebView prj builds

* yarn lock update

* Platform version update

* NuGet package reference updated

* Messaging test added into example app

* Typo fix

* try_as() to as() calls

* WebView.PostMessage() not supported anymore, use injectJavaScript

* Fix WebView.postMessage to work using injectJavascript

* Eval postMessage fix

* postMessage via injectJavascript

* Example fixed to handle postMessage call
2020-10-26 14:01:40 +01:00
Salvatore Randazzo ac4e05e0f2
feat(android): Add support for injectedJavaScriptBeforeContentLoaded on Android (#1099 by @SRandazzo and @shirakaba)
2020-06-13 13:54:48 -07:00
Kai Guo 20a3f90c0f
fix(windows): Fix windows local asset path (#1335 by @kaiguo)
[skip ci]
2020-05-15 15:34:55 -07:00
trcoffman a6010d93e0
feat(iOS): Add onFileDownload callback (#1214)
`onFileDownload` is called with the URL that you can use to download the file.
When RNCWebView detects that the HTTP response should result in a file download,
`onFileDownload` is called. The client can then provide code to download
the file.

RNCWebView determines that a file download should take place if either of the
following is true:
1. The HTTP response contains a `Content-Disposition` header that is of type
  'attachment'
2. The MIME type of the response cannot be rendered by the iOS WebView
2020-04-29 09:09:22 -07:00
Jamie Birch 9cb2f6e2f3
feat(iOS): WKUserScripts (e.g. injectedJavaScript) can now update upon props change; and can be configured to inject into all frames. (#1119)
BREAKING CHANGE: 
• Props updates to `injectedJavaScript` are no longer immutable.

• `injectedJavaScript` no longer attaches a `jsEvaluationValue` property to the `onLoadingFinish` event. Check out: https://github.com/react-native-community/react-native-webview/pull/1119#issuecomment-574919464 to migrate with the same behavior.
2020-03-17 14:01:20 -07:00
Daniel Vicory 4093682e08
fix(Android): Don't show camera options for a file upload when they can not be used (#1210)
* Don't show camera options for a file upload that would result in nothing happening for the user.

On Android, if the application declares the camera permission, then even intents
that use the camera require permission to be granted. This is a problem for apps
that combine an in-app camera with a WebView that has file uploading and the user
has not given permission for the camera.

Note, this will not request permission for camera. This will simply prevent
showing the camera options that would be a no-op action for users. It does this
by checking if the camera permission is declared, and if so, checks that the
user has granted permission.

More information: https://blog.egorand.me/taking-photos-not-so-simply-how-i-got-bitten-by-action_image_capture/

* Add example and documentation about camera option availability in file uploads for Android.
2020-02-18 18:40:30 -08:00
Tom Underhill bf1d645716
chore(example): Added three test examples: Alerts, Scrolling, and Background.
2020-01-21 11:39:40 -08:00