Java: add AssetLoader example to WebView file access documentation

Author: egregius313

java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.qhelp

@@ -38,6 +38,12 @@
 
     <sample src="WebViewFileAccessSafe.java"/>
 
+    <p>
+      In the following example, an asset loader is configured so that assets can
+      be access over <code>https</code>, and not require file system access.
+    </p>
+
+    <sample src="AssetLoaderExample.java"/>
   </example>
 
   <references>

java/ql/src/Security/CWE/CWE-200/AssetLoaderExample.java

@@ -0,0 +1,15 @@
+WebViewAssetLoader loader = new WebViewAssetLoader.Builder()
+    // Replace the domain with a domain you control, or use the default
+    // appassets.androidplatform.com
+    .setDomain("appassets.example.com")
+    .addPathHandler("/resources", new AssetsPathHandler(this))
+    .build();
+
+webView.setWebViewClient(new WebViewClientCompat() {
+    @Override
+    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
+        return assetLoader.shouldInterceptRequest(request.getUrl());
+    }
+});
+
+webView.loadUrl("https://appassets.example.com/resources/www/index.html");