Alternate Solution for setJavaScriptEnabled(true);
AndroidAndroid WebviewAndroid Problem Overview
I have developed an Android Application which uses Webview Component. I have used following line into my code,
webViewScores.getSettings().setJavaScriptEnabled(true);
Due to this line it is showing Lint warning as Using setJavaScriptEnabled can introduce XSS vulnerabilities into you application, review carefully.
Now I know that I can suppress this warning by writing this line @SuppressLint("SetJavaScriptEnabled")
above my method or at class level. But my question is, Is there any alternate solution for this ? I means is there any other way we can set Java Script Enabled in Webview ?
Android Solutions
Solution 1 - Android
you have to use it at Class Level like
@SuppressLint("SetJavaScriptEnabled")
public class MyActivity extends Activity
{
...
}
and according to me there is no other way to enable JavaScript
in WebView
and if your app really doesn’t require JavaScript
usage within a WebView then don’t call setJavaScriptEnabled(true).
Solution 2 - Android
The warning tells You that enabling Javascript may be not secure. Just check if You absolutely need to enable Javascript and if You need it, suppress warning by
@SuppressLint("SetJavaScriptEnabled")
Solution 3 - Android
Be warned that setting setJavaScriptEnabled to true may result in refusal of your application submission on the Google Play Store, or if it's already there it may result in its removal.
Solution 4 - Android
You could alternatively implement a custom Javascript renderer or even better a full browser, after all, a browser only parses the html which is basically XML