@krishna2112 wrote:
In SystemWebViewEngine.java
@SuppressLint("AddJavascriptInterface") private static void exposeJsInterface(WebView webView, CordovaBridge bridge) { SystemExposedJsApi exposedJsApi = new SystemExposedJsApi(bridge); webView.addJavascriptInterface(exposedJsApi, "_cordovaNative"); }uses insecure Webview implementation,Knowing that WebViews are commonly vulnerable to Cross-site Scripting (XSS) and Man in the Middle (MitM) attacks it is advised to implement additional security restrictions, providing a safer environment to the application’s users.
How can we validate the origin that is being loaded in webview.
How can i implement shouldOverrideUrlLoading and the shouldInterceptRequest methods.
Posts: 1
Participants: 1