Inspectopedia Help

addJavascriptInterface Called

addJavascriptInterface Called

For applications built for API levels below 17, WebView#addJavascriptInterface presents a security hazard as JavaScript on the target web page has the ability to use reflection to access the injected object's public fields and thus manipulate the host application in unintended ways.

Issue id: AddJavascriptInterface

https://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object,%20java.lang.String)

https://support.google.com/faqs/answer/9095419?hl=en

https://goo.gle/AddJavascriptInterface

Inspection Details

Available in:

IntelliJ IDEA 2023.3, Qodana for Android 2023.3, Qodana for JVM 2023.3

Plugin:

Android, 2022.3.1 Beta 2

Last modified: 13 July 2023