(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)
Allowing web apps to use JavaScript leaves the app vulnerable to scripting attacks such as cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. By default, JavaScript is disabled in WebView. However, it is possible to enable it by using the method addJavascriptInterface(Object, String) from the android.webkit.WebView class. Doing so is dangerous. Sensitive or personal data should not be exposed to a JavaScript interface. Also, code received via such an interface cannot be trusted, and it could corrupt the network or server.
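The following is an added example, not part of the original guideline, showing one way to keep a JavaScript interface narrow: it exposes a small purpose-built object, validates what script passes in, and loads only one HTTPS origin. The class and method names, the bridge name "bridge" and the host app.example.com are hypothetical.

```java
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Added example: a narrow bridge. TRUSTED_HOST and all class/method names are hypothetical. */
public final class HardenedBridge {
    private static final String TRUSTED_HOST = "app.example.com"; // placeholder origin

    /** Only methods annotated with @JavascriptInterface are callable from page script (API 17+). */
    public static final class Bridge {
        private volatile String lastTopic = "";

        @JavascriptInterface
        public void selectTopic(String topic) {
            // Arguments come from page script: treat them as untrusted input.
            if (topic != null && topic.matches("[a-z0-9-]{1,32}")) {
                lastTopic = topic;
            }
        }

        @JavascriptInterface
        public String appVersion() {
            return "1.0"; // non-sensitive value only; no tokens, contacts or file paths
        }

        /** Not annotated, so native code can read it but page script cannot call it. */
        public String lastTopic() {
            return lastTopic;
        }
    }

    public static void configure(WebView webView) {
        // Weak form, for contrast: webView.addJavascriptInterface(activity, "app");
        // which hands every annotated method of a broad object to any page that loads.
        webView.getSettings().setJavaScriptEnabled(true); // the bridge needs script to run
        webView.getSettings().setAllowFileAccess(false);
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                // Returning true cancels the load; only HTTPS pages on the trusted host proceed.
                boolean trusted = "https".equals(request.getUrl().getScheme())
                        && TRUSTED_HOST.equals(request.getUrl().getHost());
                return !trusted;
            }
        });
        webView.addJavascriptInterface(new Bridge(), "bridge");
        webView.loadUrl("https://" + TRUSTED_HOST + "/");
    }
}
```

The injected object is visible to every frame of the loaded page, including iframes, so the trusted page itself must not embed third-party content.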
...