There is a way! Using the Content Security Policy, which is partially supported in iOS 5.1 and up, and a custom header:
    X-WebKit-CSP: script-src 'none';
You can tell the UIWebKit to not allow JavaScript on the page entirely (or selectively allow script only from a specific domain; more information is in the spec).
To do this from a server you control, you'll have to modify the response headers for the page to include the X-WebKit-CSP header... To do it from pages that are local (plain text or HTML data on device), you'll have to define and register a custom NSURLProtocol for loading your page, and send the header in your crafted NSHTTPURLResponse:
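    // CSP keywords are written with single quotes: 'none' blocks every script source,
    // while a bare none would be parsed as a host name.
    NSDictionary *headers = [NSDictionary dictionaryWithObjectsAndKeys:
                             @"script-src 'none'", @"X-WebKit-CSP",
                             @"text/html", @"Content-type",
                             encoding, @"Content-encoding",
                             nil];
    // Build the response that carries the policy header for the locally loaded page.
    NSHTTPURLResponse *urlResponse = [[NSHTTPURLResponse alloc] initWithURL:self.request.URL
                                                                 statusCode:200
                                                                HTTPVersion:@"HTTP/1.1"
                                                               headerFields:headers];
    // Hand the response to the URL loading system; the page data follows separately.
    [self.client URLProtocol:self didReceiveResponse:urlResponse cacheStoragePolicy:NSURLCacheStorageAllowedInMemoryOnly];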
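A complete protocol class for the local-page case described in the answer above, as an added example that is not part of the original post. The `applocal` scheme, the class name `NoScriptLocalProtocol` and the main-bundle lookup are assumptions made for illustration, and ARC is assumed.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical scheme and class name, chosen for this example only.
static NSString * const kLocalScheme = @"applocal";

@interface NoScriptLocalProtocol : NSURLProtocol
@end

@implementation NoScriptLocalProtocol

+ (BOOL)canInitWithRequest:(NSURLRequest *)request {
    // Claim only our own scheme so ordinary http(s) loads are left untouched.
    NSString *scheme = request.URL.scheme;
    return scheme != nil && [scheme caseInsensitiveCompare:kLocalScheme] == NSOrderedSame;
}

+ (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request {
    return request;
}

- (void)startLoading {
    // applocal://bundle/page.html -> page.html in the main bundle; lastPathComponent drops any directory part.
    NSString *name = self.request.URL.lastPathComponent;
    NSString *path = name.length ? [[NSBundle mainBundle] pathForResource:name ofType:nil] : nil;
    NSData *body = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (body == nil) {
        NSError *error = [NSError errorWithDomain:NSURLErrorDomain
                                             code:NSURLErrorFileDoesNotExist userInfo:nil];
        [self.client URLProtocol:self didFailWithError:error];
        return;
    }
    // Prefixed header from the answer, plus the standard name used by later WebKit versions.
    NSDictionary *headers = @{ @"X-WebKit-CSP": @"script-src 'none'",
                               @"Content-Security-Policy": @"script-src 'none'",
                               @"Content-Type": @"text/html; charset=utf-8" };
    NSHTTPURLResponse *response = [[NSHTTPURLResponse alloc] initWithURL:self.request.URL
                                    statusCode:200 HTTPVersion:@"HTTP/1.1" headerFields:headers];
    [self.client URLProtocol:self didReceiveResponse:response
          cacheStoragePolicy:NSURLCacheStorageNotAllowed];
    [self.client URLProtocol:self didLoadData:body];
    [self.client URLProtocolDidFinishLoading:self];
}

- (void)stopLoading {
    // Nothing to cancel: the body is delivered synchronously in startLoading.
}

@end
// Register once before the web view loads: [NSURLProtocol registerClass:[NoScriptLocalProtocol class]];
```

After registration, loading `applocal://bundle/page.html` in the web view goes through this class, so the policy header accompanies every local page it serves.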