Custom Android webview ?
-
Any way i can use my custom android webview and add it on QML instead of using built in QWebView ?
like on ioswebview from this link
https://github.com/g00dnight/IOSWebViewsince there is vulnerability exist in using QWebView even i disable javascript in QWebview the vuln with medium risk still exist so i'm thinking to create custom webview so i can disable the webview to remove Medium Risk
any ideas how to achieve this ?
thank you
-
Hi,
Qt uses the native web view of the OS if there's one provided and that's the case for both iOS and Android (and mandatory by the way) so I am not sure what you want to do exactly.
-
Hi,
Qt uses the native web view of the OS if there's one provided and that's the case for both iOS and Android (and mandatory by the way) so I am not sure what you want to do exactly.
As i said earlier , QWebView has existing vulnerability when scanned in pentool , this is Javascript Enabled which is rated Medium Risk , disabling javascript in Qt WebView doesn't fix it.
so i need to create own android webview to remove that medium risk
-
As i said earlier , QWebView has existing vulnerability when scanned in pentool , this is Javascript Enabled which is rated Medium Risk , disabling javascript in Qt WebView doesn't fix it.
so i need to create own android webview to remove that medium risk
-
@jhayar can you share the NIST CVE number of the security vulnerability you are referring to?
I think QWebView by default javascript is enable. so disabling javascript in QWebView doesn't effect the WebView code from android java code .
so i'm thinking to remove WebView in CMakeLists then create my own webview and add to Qt View . but there's no documentation how to use custom android native view .
-
I think QWebView by default javascript is enable. so disabling javascript in QWebView doesn't effect the WebView code from android java code .
so i'm thinking to remove WebView in CMakeLists then create my own webview and add to Qt View . but there's no documentation how to use custom android native view .
@jhayar thank you for the post.
I think you misunderstood that report. The CWE index is not about vulnarabilities.
additionally, the screenshot is weird. It refers to CWE 749, but the actual one is about something very different.
-
@jhayar thank you for the post.
I think you misunderstood that report. The CWE index is not about vulnarabilities.
additionally, the screenshot is weird. It refers to CWE 749, but the actual one is about something very different.
-
@TomZ , i see thanks for the clarification and the link reference ,
But , is there a way i can use my own custom android webview so i can remove that CWE report? , our infosec doesn't allow us to publish the app with that medium risk ,
Thanks
@jhayar said in Custom Android webview ?:
is there a way i can use my own custom android webview
Not using Qt classes.
@jhayar said in Custom Android webview ?:
our infosec doesn't allow us to publish the app with that medium risk ,
that sounds like a problem your organization should fix, as the effect is clearly that you deliver worse code.
-
@jhayar said in Custom Android webview ?:
is there a way i can use my own custom android webview
Not using Qt classes.
@jhayar said in Custom Android webview ?:
our infosec doesn't allow us to publish the app with that medium risk ,
that sounds like a problem your organization should fix, as the effect is clearly that you deliver worse code.
@TomZ no , the detected is not from my code but the built in QWebView ,
Not using Qt classes.
Yes i know that it can't be done in Qt classes , but i believe QWebView is just extended anroid.webkit.WebView , so i also believe that there is a way we can use our own Webview extending android.webkit.WebView then add it in QT .
but it is something Qt didnt create a documentation for that or they just simply dont want to disclose it .
-
@TomZ no , the detected is not from my code but the built in QWebView ,
Not using Qt classes.
Yes i know that it can't be done in Qt classes , but i believe QWebView is just extended anroid.webkit.WebView , so i also believe that there is a way we can use our own Webview extending android.webkit.WebView then add it in QT .
but it is something Qt didnt create a documentation for that or they just simply dont want to disclose it .
-
-
@SGaist what i mean for not disclosed is the documentation related on using /embedding native android view in QT , for example android.view.View / android.webkit.WebView
-
J jhayar has marked this topic as solved on
