https://stackoverflow.com/questions/23656329
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianIt has known security vulnerabilities in earlier Android versions. From the docs:
This is a powerful feature, but also presents a security risk for applications targeted to API level JELLY_BEAN or below, because JavaScript could use reflection to access an injected object's public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using this method in a WebView which could contain untrusted content.
