Html.fromHtml is it safe to show text in this way? Penetration test and invoking the content with any scripts

Question

I have project with textview, and this object has some bold and regular text. I found on stack that to make something like that it's nice to use Html.fromHtml(). However if someone got my application and will try invoke content showing in Html.fromHtml, it might be very risky..

I am writting to you with question: is it safe to use Html.fromHtml()? What should I use instead of? My project has only one textview and I musn't add any more objects. I have layout and I must work only this one layout.

Answer 1

However if someone got my application and will try invoke content showing in Html.fromHtml, it might be very risky

Why? Are you deathly allergic to italics? :-)

is it safe to use Html.fromHtml()?

It is as safe as just about any other method in any other class in Android. You are welcome to inspect the source code for it, write your own replacement for it, etc. if you so choose.

Penetration test

What do you think a "penetration test" has to do with displaying simple HTML in a TextView?

and invoking the content with any scripts

TextView (and Html.fromHtml()) does not process JavaScript, or CSS, or <iframe>, or most HTML tags for that matter. It handles a few basic tags, and that's it.