AndroidStudio 开始向我显示警告“不应调用 WebView.addJavascriptInterface”。但是这种方法存在并且没有被弃用。它出什么问题了?可能是我遗漏了什么,现在有更好的方法与 Javascript 进行交互?
最佳答案
它在早期的 Android 版本中存在已知的安全漏洞。来自 the docs :
This is a powerful feature, but also presents a security risk for applications targeted to API level JELLY_BEAN or below, because JavaScript could use reflection to access an injected object's public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using this method in a WebView which could contain untrusted content.
关于android - 不应调用 WebView.addJavascriptInterface,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23656329/