- Add detailed logging for WebView -> Wallet JS interface communication
- Display payment result info (txId, token amount) on success screen
- Improve log messages with clear markers and appropriate log levels

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
…nto ic_webview
…nto ic_webview
Add prefill query parameter to IC URL with Base64-encoded user data (fullName, dob) to pre-populate form fields in the WebView. The prefill data is built based on the schema's required fields array. Also removes temporary IC preview URL workaround.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…nto ic_webview
Mark fields property as deprecated in favor of using url for WebView-based data collection or schema to parse field requirements.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
chore: fix wallet balance
…nto ic_webview
chore: update merchant keys
…nto ic_webview
- Make IC WebView fullscreen instead of fixed height
- Add floating close button with dark theme styling
- Close button returns to Intro screen instead of canceling
- Remove loading flash when canceling payment flow
- Open external links (Terms, Privacy) in mobile browser
- Add pobAddress to prefill fields

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…ationTest
Update test to parse collectDataAction.schema to determine what data to collect for confirmPayment instead of using hardcoded values based on deprecated fields.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
feat: Add WebView-based Information Capture for payments
chore: versions update
Claude finished @jakubuid's task in 2m 6s

Code Review Complete

PR Stats: 16 files, +683/-132 lines. Version bump to 1.6.5 with Payment enhancements.

Summary: Major payment flow enhancements including WebView-based information capture with prefill, schema parsing, and improved payment result handling. Found 5 security/reliability issues requiring attention.

Found 5 issue(s)

Issue 1: JavaScript interface exposed without @RequiresApi protection
ID: paymentroute-js-interface-api-7a29
Context:
Recommendation:
// Add to class or method containing addJavascriptInterface call:
@androidx.annotation.RequiresApi(android.os.Build.VERSION_CODES.JELLY_BEAN_MR1)
private fun WebViewDataCollectionContent(...) {

Issue 2: Missing WebView input validation on URL parameter
ID: paymentroute-webview-url-validation-3f12
Context:
Recommendation:
// Before loading URL at line 1981, add domain validation (needs: import android.net.Uri):
private fun isAllowedPaymentDomain(url: String): Boolean {
    val allowedHosts = setOf("pay.walletconnect.com", "pay.reown.com")
    return try {
        val host = Uri.parse(url).host
        // Accept the exact host or a subdomain on a dot boundary, so that a host
        // such as "notpay.reown.com" does not pass a bare suffix check.
        allowedHosts.any { host == it || host?.endsWith(".$it") == true }
    } catch (e: Exception) { false }
}
// In WebView factory:
if (!isAllowedPaymentDomain(url)) {
    loadError = "Untrusted payment domain"
    return@AndroidView
}
loadUrl(url)

Issue 3: Hardcoded test credentials in production code
ID: ethaccountdelegate-hardcoded-pii-8c45
Context:
Recommendation:
// Move to separate test fixture class or make conditional on BuildConfig.DEBUG:
object EthAccountDelegate {
    // For demo/testing only - DO NOT use in production
    internal val PREFILL_FULL_NAME = if (BuildConfig.DEBUG) "Test User" else null
    internal val PREFILL_DOB = if (BuildConfig.DEBUG) "1990-01-15" else null
    internal val PREFILL_POB_ADDRESS = if (BuildConfig.DEBUG) "123 Main Street, New York, NY 10001" else null
}

Issue 4: Integer overflow in ULong to Int coercion
ID: mappers-estimatedtxs-overflow-9b27
Context:
Recommendation:
// At line 58, use proper clamping:
estimatedTxs = etaS.coerceAtMost(Int.MAX_VALUE.toULong()).toInt()

Issue 5: Base64.URL_SAFE breaks standard base64 compatibility
ID: paymentviewmodel-prefill-base64-4d11
Context:
Recommendation:
// Line 174-176: Unless backend spec requires URL-safe encoding, use standard base64:
val encoded = Base64.encodeToString(
    prefillData.toString().toByteArray(Charsets.UTF_8),
    Base64.NO_WRAP // Remove URL_SAFE flag unless confirmed by backend API spec
)

Additional Observations
Positive:
Non-blocking:
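
Added example, not part of the PR or of the review above: a stand-alone version of the URL check that Issue 2 asks for before `loadUrl`, run over constructed URLs to show which near-miss hosts a bare suffix match would let through. It assumes `java.net.URI` in place of `android.net.Uri` so it runs on a plain JVM; the name `isAllowedPaymentUrl` and all sample URLs are hypothetical, and the two hosts are the ones named in the review.

```kotlin
import java.net.URI

// Hosts taken from the review's recommendation for Issue 2.
private val ALLOWED_HOSTS = setOf("pay.walletconnect.com", "pay.reown.com")

/** Hypothetical helper: true only for https URLs whose host is an allowed host or a subdomain of one. */
fun isAllowedPaymentUrl(url: String): Boolean {
    // Fail closed on anything java.net.URI cannot parse.
    val uri = try { URI(url.trim()) } catch (e: Exception) { return false }
    // The loaded page can reach the wallet's JavaScript interface, so require TLS.
    if (!"https".equals(uri.scheme, ignoreCase = true)) return false
    // Reject "user@host" authorities, where the text before '@' can imitate an allowed host.
    if (uri.rawUserInfo != null) return false
    val host = uri.host?.lowercase()?.trimEnd('.') ?: return false
    // Exact match, or a subdomain on a dot boundary (never a bare suffix match).
    return ALLOWED_HOSTS.any { host == it || host.endsWith(".$it") }
}

fun main() {
    // Constructed sample URLs, each paired with the expected decision.
    val samples = listOf(
        "https://pay.walletconnect.com/ic?prefill=e30" to true,
        "https://PAY.REOWN.COM/terms" to true,          // host comparison is case-insensitive
        "https://staging.pay.reown.com/" to true,       // subdomain on a dot boundary
        "https://notpay.reown.com/" to false,           // would pass endsWith("pay.reown.com")
        "https://pay.reown.com.example.net/" to false,  // allowed name used as a prefix
        "https://pay.reown.com@example.net/" to false,  // allowed name in the userinfo part
        "http://pay.reown.com/" to false,               // cleartext scheme
        "not a url" to false                            // unparseable input
    )
    for ((url, expected) in samples) {
        val actual = isAllowedPaymentUrl(url)
        check(actual == expected) { "unexpected decision for $url" }
        val label = if (actual) "ALLOW" else "BLOCK"
        println("$label  $url")
    }
}
```

On Android the same decision should be re-applied to every navigation (for example in `WebViewClient.shouldOverrideUrlLoading`), since a check made only before the first `loadUrl` does not cover redirects.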



No description provided.