After realizing that it's not enough to check the allow/block list when loading a URL in shouldOverrideUrlLoading as that's not called when loading a page is initiated via loadUrl, the same filtering was added to not allow loading URIs that are on the blocklist, or if a whitelist is present not on it.
Unfortunately the other loadUrl method called loadUrlWithoutEscapingJavascript (which differs in not blocking JavaScript execution by escaping it) was not modified so the same logic should be added there as well.
After realizing that it's not enough to check the allow/block list when loading a URL in
shouldOverrideUrlLoadingas that's not called when loading a page is initiated vialoadUrl, the same filtering was added to not allow loading URIs that are on the blocklist, or if a whitelist is present not on it.Unfortunately the other
loadUrlmethod calledloadUrlWithoutEscapingJavascript(which differs in not blocking JavaScript execution by escaping it) was not modified so the same logic should be added there as well.