-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat/login using webview #100
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: Gaurav Goel <[email protected]>
Signed-off-by: Gaurav Goel <[email protected]>
…ing-webview # Conflicts: # core/src/main/java/com/web3auth/core/Web3Auth.kt # core/src/main/java/com/web3auth/core/types/WebViewResultCallback.kt
Signed-off-by: Gaurav Goel <[email protected]>
setContentView(R.layout.activity_cct) | ||
webView = findViewById(R.id.webView) |
Check warning
Code scanning / CodeQL
Android WebView settings allows access to content links Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 1 month ago
To fix the problem, we need to explicitly disable access to content://
URLs in the WebView settings. This can be done by calling setAllowContentAccess(false)
on the WebSettings object associated with the WebView. This change should be made in the onCreate
method where other WebView settings are configured.
-
Copy modified line R71
@@ -70,2 +70,3 @@ | ||
webSettings.setSupportMultipleWindows(true) | ||
webSettings.setAllowContentAccess(false) | ||
webView.settings.userAgentString = null |
} | ||
} | ||
|
||
val webSettings = webView.settings | ||
webSettings.javaScriptEnabled = true |
Check warning
Code scanning / CodeQL
Android WebView JavaScript settings Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 1 month ago
To fix the problem, we should disable JavaScript execution in the WebView by setting webSettings.javaScriptEnabled
to false
. If JavaScript is necessary for the application's functionality, we should ensure that the WebView only loads content from trusted sources using encrypted channels (HTTPS). In this case, we will disable JavaScript execution as a precaution.
-
Copy modified line R68
@@ -67,3 +67,3 @@ | ||
val webSettings = webView.settings | ||
webSettings.javaScriptEnabled = true | ||
webSettings.javaScriptEnabled = false | ||
webSettings.domStorageEnabled = true |
Motivation and Context
Jira Link:
Description
How has this been tested?
Screenshots (if appropriate):
Types of changes
Checklist: