Field of the Invention
The present invention relates to an information processing apparatus that is connected to a Web server, and comprises a Web browser for displaying an operation screen provided by the Web server, and a method of controlling an information processing apparatus.
Description of the Related Art
An information processing apparatus, such as a PC or a mobile telephone, connecting to a Web server on a network, and displaying operation screens, which are provided by a Web application on the Web server, on a Web browser that the information processing apparatus comprises is known. In such cases, firstly the Web browser of the information processing apparatus makes a request (requests) for an operation screen to the Web application on the Web server. Then, in response to the request from the information processing apparatus, the Web application makes a response (responds) to the information processing apparatus with HTML data for causing an operation screen to be displayed on the Web browser. The Web browser of the information processing apparatus analyzes the received HTML data, and displays the operation screen based on the description of the HTML data. When the user inputs an instruction via the operation screen displayed on the Web browser, the Web browser makes a notification to the Web server of the inputted instruction. Then, the Web application on the Web server, after receiving this notification, executes processing in accordance with the inputted instruction. Also, there is a component called a WebView that has a function that is equivalent to the foregoing Web browser function, and that can be used as a GUI element for configuring an application on an information processing apparatus. An application on the information processing apparatus can realize a function and representation equivalent to those of a Web browser by using a WebView. In recent years, the above described Web browser and WebView are being implemented in multifunction peripherals (MFPs) that comprise a scanner and a printer.
In WebViews, there are those that comprise a binding (bind/unbind) mechanism for calling a native function of an information processing apparatus directly from JavaScript (registered trademark) that is executed in the Web application. While the implementation of the application is simplified by using this binding mechanism, there is a necessity to consider safety measures against applications that would use the binding mechanism maliciously on the system side where the application is executed. Note that a native function indicates a function that an operating system, a language processor, or the like of the information processing apparatus provides.
As a safety measure of the system side, a threat is estimated by reverse compiling an application to identify a native function that is bound in the JavaScript (registered trademark) that is executed in that application (Japanese Patent Laid-Open No. 2012-234401).
However, in the conventional method, it is necessary to have an API storage mechanism for storing malicious APIs that could be a threat and the reverse compile mechanism. This makes the system more complicated. Along with this, in the conventional method, it is necessary to handle each application.