Thanks Anton Spaans for your valuable comment. I will just explain about my app. I have create an Email composer screen with Rich-text-editing using JavaScript.
Using my composer screen user can compose email with rich text editing. My composer screen will be also launched when user try to reply/Fwd already received mail(which may contain malicious code). For reply/Fwd case my app may contain malicious code. As through JavaScript I am doing only rich text editing(Bold ,italic, underline...etc). Do you feel any security issue will be there in my app for reply/Fwd cases. ~Thanks. On Wed, Mar 27, 2013 at 6:50 PM, Streets Of Boston <flyingdutc...@gmail.com>wrote: > As long as your WebView's HTML content doesn't load an external site, i.e. > you control *all *the content shown in your WebView, there is no concern. > > However, if you make an app that becomes popular and has a WebView that > can load external/public content, then someone could examine your app, > figure out what your JavaScriptnterface implements and exploit it for his > or her own purposes. > > What exactly these vulnerabilities could be, depends entirely on your app > and its JavaScriptInterface implementation. E.g. if your interface allows > for the deletion of files or reading and sending of contact information, > your app is much more vulnerable than when your interface only allows for a > simple calculation. > > > > On Wednesday, March 27, 2013 3:59:06 AM UTC-4, Amit Sinha wrote: >> >> Hi, >> >> I am creating an android web app using Webview and Java script making >> addJavascriptInterface(*true*). >> >> what are the thing i should be taking care so that any malicious >> code should not run on my app. >> >> i worried about the security of my app as i am enabling >> addJavascriptInterfac**e(*true*). >> >> Please let me know the thing i should do in my app. >> >> Thanks, >> Amit >> >> >> -- > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to android-developers@googlegroups.com > To unsubscribe from this group, send email to > android-developers+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en > --- > You received this message because you are subscribed to a topic in the > Google Groups "Android Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/android-developers/KnqJI3Kv34M/unsubscribe?hl=en > . > To unsubscribe from this group and all its topics, send an email to > android-developers+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
