修复JavaScript接口注入漏洞 [英] Remediation for JavaScript Interface Injection Vulnerability

问题描述

我从Google Play控制台收到一条警告，警告我转到此页面，因为我在应用程序中使用了JavaScript接口，并提出了两个解决方案.

I received a warning from Google Play Console that refers me to this page because I used JavaScript Interface in my app and suggest two options to solve the problem .

选项1 告知:

确保没有对象添加到的JavaScript接口 加载不受信任的Web内容的任何WebView.您可以一分为二 方式:

Ensure that there are no objects added to the JavaScript interface of any WebView that loads untrusted web content. You can do this in two ways:

确保没有任何对象添加到JavaScript接口 通过调用addJavascriptInterface.

Ensure that no objects are ever added to the JavaScript interface via calls to addJavascriptInterface.

从shouldInterceptRequest中的JavaScript接口中删除对象 通过removeJavascriptInterface加载不信任的内容之前 WebView.

Remove objects from the JavaScript interface in shouldInterceptRequest via removeJavascriptInterface before untrusted content is loaded by the WebView.

但我不明白google在上具体说了什么:

but I can't understand what google exactly says specially on :

从shouldInterceptRequest中的JavaScript接口中删除对象 通过removeJavascriptInterface加载不信任的内容之前 WebView

Remove objects from the JavaScript interface in shouldInterceptRequest via removeJavascriptInterface before untrusted content is loaded by the WebView

有人可以告诉我更多解释吗?

can someone tell me more explanation ?

推荐答案

我只是不做任何特殊的事情就发布了更新，但警告消失了，但不确定它是否会再次出现

I just release an update without doing something special and warning disappeared BUT not sure it will came back again or not

这篇关于修复JavaScript接口注入漏洞的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！