Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WebView.addJavascriptInterface should not be called

AndroidStudio began to show me warning "WebView.addJavascriptInterface should not be called". But this method exists and is not deprecated. What's wrong with it? May be I am missing something and now there is better way to make interaction with Javascript?

like image 235
darja Avatar asked Mar 19 '23 15:03

darja


1 Answers

It has known security vulnerabilities in earlier Android versions. From the docs:

This is a powerful feature, but also presents a security risk for applications targeted to API level JELLY_BEAN or below, because JavaScript could use reflection to access an injected object's public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using this method in a WebView which could contain untrusted content.

like image 54
marcin.kosiba Avatar answered Apr 01 '23 06:04

marcin.kosiba