使用hbuilder打包并在腾讯市场上架,腾讯进行安全扫描有以下漏洞,烦请大神指导如何处理
以下危险api可通过webview对象向页面javascript导出java本地接口,可能导致任意命令执行,
[addJavascriptInterface]io\dcloud\common\adapter\ui\AdaWebview.java|void addJsInterface(String paramString, IJsInterface paramIJsInterface)|mWebViewImpl.addJavascriptInterface(paramIJsInterface, paramString);
[addJavascriptInterface]io\dcloud\common\adapter\ui\AdaWebview.java|void addJsInterface(String paramString, Object paramObject)|mWebViewImpl.addJavascriptInterface(paramObject, paramString);
[addJavascriptInterface]io\dcloud\common\adapter\ui\AdaWebview.java|void addJsInterface(String paramString1, String paramString2)|mWebViewImpl.addJavascriptInterface(paramString2, paramString1);
[addJavascriptInterface]io\dcloud\common\adapter\ui\WebViewImpl.java|void addJavascriptInterface(Object paramObject, String paramString)|super.addJavascriptInterface(paramObject, paramString);
0 个回复