AndroidStudio began to show me warning "WebView.addJavascriptInterface should not be called". But this method exists and is not deprecated. What's wrong with it? May be I am missing something and now there is better way to make interaction with Javascript?
It has known security vulnerabilities in earlier Android versions. From the docs:
This is a powerful feature, but also presents a security risk for applications targeted to API level JELLY_BEAN or below, because JavaScript could use reflection to access an injected object's public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using this method in a WebView which could contain untrusted content.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With