Using setJavaScriptEnabled can Introduce XSS Vulnerabilities into
Source: Internet  Editor: 程序博客网  Time: 2024/06/06 14:20
Android Warning : Using setJavaScriptEnabled can introduce XSS vulnerabilities into you application, review carefully.
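Cause: If your application does not use JavaScript directly inside a WebView, do not call setJavaScriptEnabled(). We have seen this method called in sample code that may later be repurposed in a production application, so remove the call if it is not needed. By default, WebView does not execute JavaScript, so cross-site scripting cannot occur. Take particular care with addJavascriptInterface(), because it lets JavaScript invoke operations that are normally reserved for Android applications. Expose addJavascriptInterface() only to trustworthy input sources; if untrusted input is allowed, untrusted JavaScript may be able to invoke Android methods.
Solutions:
1. The WebView section of the developer documentation covers this.
2. The simplest approach: add @SuppressLint("SetJavaScriptEnabled") to ignore this warning.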
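
The advice above, as an added Java example that is not from the original post: JavaScript and the bridge are enabled only for an HTTPS page on one allow-listed host, and the lint suppression is scoped to the single reviewed method. `TrustedWebViews`, `AppBridge` and `app.example.com` are hypothetical names chosen for illustration.

```java
import android.annotation.SuppressLint;
import android.net.Uri;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public final class TrustedWebViews {
    // Assumption: the only origin whose script the app trusts.
    private static final String TRUSTED_HOST = "app.example.com";

    /** Only methods annotated with @JavascriptInterface are callable from the page (API 17+). */
    public static final class AppBridge {
        @JavascriptInterface
        public String appVersion() { return "1.0"; } // constructed value
    }

    static boolean isTrusted(Uri uri) {
        return uri != null
                && "https".equals(uri.getScheme())
                && TRUSTED_HOST.equals(uri.getHost());
    }

    // The suppression covers this one reviewed method, not the whole class.
    @SuppressLint("SetJavaScriptEnabled")
    public static void load(WebView view, String url) {
        final boolean trusted = isTrusted(Uri.parse(url));
        WebSettings settings = view.getSettings();
        settings.setJavaScriptEnabled(trusted);   // stays off for any other content
        settings.setAllowFileAccess(false);       // no file:// loads in this view
        if (trusted) {
            view.addJavascriptInterface(new AppBridge(), "AppBridge");
        } else {
            view.removeJavascriptInterface("AppBridge");
        }
        view.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView v, WebResourceRequest request) {
                // Returning true cancels the navigation, so a trusted page cannot carry
                // the enabled JavaScript and bridge over to another host.
                return trusted && !isTrusted(request.getUrl());
            }
        });
        view.loadUrl(url);
    }
}
```

@SuppressLint only silences the lint check; what the WebView will execute is decided by the settings applied in `load`.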