Thanks Anton Spaans for your valuable comment. I will just explain about my app. I have create an Email composer screen with Rich-text-editing using JavaScript.
Using my composer screen user can compose email with rich text editing. My composer screen will be also launched when user try to reply/Fwd already received mail(which may contain malicious code). For reply/Fwd case my app may contain malicious code. As through JavaScript I am doing only rich text editing(Bold ,italic, underline...etc). Do you feel any security issue will be there in my app for reply/Fwd cases. ~Thanks. On Wed, Mar 27, 2013 at 6:50 PM, Streets Of Boston <[email protected]>wrote: > As long as your WebView's HTML content doesn't load an external site, i.e. > you control *all *the content shown in your WebView, there is no concern. > > However, if you make an app that becomes popular and has a WebView that > can load external/public content, then someone could examine your app, > figure out what your JavaScriptnterface implements and exploit it for his > or her own purposes. > > What exactly these vulnerabilities could be, depends entirely on your app > and its JavaScriptInterface implementation. E.g. if your interface allows > for the deletion of files or reading and sending of contact information, > your app is much more vulnerable than when your interface only allows for a > simple calculation. > > > > On Wednesday, March 27, 2013 3:59:06 AM UTC-4, Amit Sinha wrote: >> >> Hi, >> >> I am creating an android web app using Webview and Java script making >> addJavascriptInterface(*true*). >> >> what are the thing i should be taking care so that any malicious >> code should not run on my app. >> >> i worried about the security of my app as i am enabling >> addJavascriptInterfac**e(*true*). >> >> Please let me know the thing i should do in my app. >> >> Thanks, >> Amit >> >> >> -- > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en > --- > You received this message because you are subscribed to a topic in the > Google Groups "Android Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/android-developers/KnqJI3Kv34M/unsubscribe?hl=en > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
