Closed gabides closed 2 months ago
org.apache.cordova.inappbrowser.VideoEnabledWebView
This namespace isn't part of the original Apache plugin. Are you using a fork?
The apache version does use JavascriptInterface
but in a way that I don't believe is considered insecure.
https://github.com/apache/cordova-plugin-inappbrowser/blob/6.0.x/src/android/InAppBrowser.java#L992 is not the same as what Google referenced: org.apache.cordova.inappbrowser.VideoEnabledWebView.addJavascriptInterface
More specifically, we do not have a VideoEnabledWebView
class that Google is referencing.
Yes, it’s s a fork, not the official plugin, closing as invalid. Using addJavascriptInterface doesn’t make the app insecure, the fork might be doing something that Google considers insecure.
Hi, yes sorry i didn't realise that we patched recently the code of the cordova-plugin-inappbrowser
with some code from a fork.
Bug Report
Problem
What is expected to happen?
App should be reviewed by play store with no warning. This is quite urgent as the store is requiring the issue to be fixed by May 01 2024
What does actually happen?
Apps uploaded to the play store are receiving he following warning:
Information
addJavascriptInterface
is called with a object here: https://github.com/apache/cordova-plugin-inappbrowser/blob/6.0.x/src/android/InAppBrowser.java#L992play store advise against doing this: https://support.google.com/faqs/answer/9095419?hl=en-GB
Environment, Platform, Device
Android
Command or Code
build a capacitor app with plugin
cordova-plugin-inappbrowser
v5 or v6 and try to submit it on the play storeVersion information
cordova-plugin-inappbrowser v6
Checklist