Reputation: 435
WebView setJavaScriptEnabled and JavaScript on site
I have web view in my app. I can see warnings in IDE. "Using setJavaScriptEnabled can introduce XSS vulnerabilities" for code
webView.getSettings().setJavaScriptEnabled(true);
So, after googling I have advice: "If your app really doesn’t require JavaScript usage within a WebView then don’t call setJavaScriptEnabled(true)"
As I understood, I do not need to enable JS for my WebView if I do not have a need to interact with this WebView with using JS. (inject some JS in WebView and handle JS events in my Android side code). But, does this means that all JS on this website will work in my WebView. I mean, if a site contains some JS for let's say some animation. Will this animation work in my WebView without enabling of this setting. Thanks a lot.
Upvotes: 3
Views: 4028
Answers (2)
Reputation: 435
After testing of different sites, I can see, that JavaScript on those sites does not work at all if the setting
webView.getSettings().setJavaScriptEnabled(true)
does not enabled for my WebView.
Upvotes: 0
Reputation: 5600
The instruction:
webView.getSettings().setJavaScriptEnabled(true);
Disable Javascript in the webview, so if you put 3 sites,2, etc. does not matter because the javascript was disabled in the webview. The webview is like chrome, firefox, or another. In other words you are disable javascript in the web browser.
Upvotes: 1
Related Questions
- How to enable javascript into webView
- Alternate Solution for setJavaScriptEnabled(true);
- Webview javascript not working with javascript enabled
- Android: can't get javascript to work on WebView even with setJavaScriptEnabled(true)
- Android WebView with JavaScript enabled
- Android - can't seem to enable JavaScript on a WebView?
- Android - Javascript in WebView
- Android WebView Javascript not enabled
- Turn javascript on in android webview
- Android JavaScript in WebView