In SecureWebView, file access is disabled by default (by calling setAllowFileAccess(false) on the underlying WebView) but it turns out that doesn't prevent loading files shipped with the APK in the res or assets folder.
The solution would be to prevent loading URIs with the file:// scheme at all.
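A sketch of the proposed scheme check, added here as an example and not taken from SecureWebView's own code. The class name `NoFileSchemeWebView` and the helper `isFileUri` are hypothetical; only standard `android.webkit` and `android.net.Uri` calls are used.

```java
import android.content.Context;
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.util.Locale;
import java.util.Map;

// Hypothetical wrapper for illustration; not SecureWebView's implementation.
public class NoFileSchemeWebView extends WebView {

    public NoFileSchemeWebView(Context context) {
        super(context);
        // Covers file system paths only: file:///android_asset/ and
        // file:///android_res/ are still served, hence the checks below.
        getSettings().setAllowFileAccess(false);
        setWebViewClient(new WebViewClient() {
            // Navigations started by page content (API 24+ signature).
            // Returning true cancels the load.
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return isFileUri(request.getUrl());
            }
        });
    }

    // Uri.getScheme() does not normalise case, so "FILE:" must be caught too.
    static boolean isFileUri(Uri uri) {
        String scheme = uri == null ? null : uri.getScheme();
        return scheme != null && "file".equals(scheme.toLowerCase(Locale.ROOT));
    }

    private static void rejectFileUrl(String url) {
        if (url != null && isFileUri(Uri.parse(url.trim()))) {
            throw new SecurityException("file:// URIs are not allowed: " + url);
        }
    }

    // Top-level loads requested by the host application.
    @Override
    public void loadUrl(String url) {
        rejectFileUrl(url);
        super.loadUrl(url);
    }

    @Override
    public void loadUrl(String url, Map<String, String> additionalHttpHeaders) {
        rejectFileUrl(url);
        super.loadUrl(url, additionalHttpHeaders);
    }
}
```

The check sits in `loadUrl` and `shouldOverrideUrlLoading` because the Android reference states that `shouldInterceptRequest` is not invoked for `file:///android_asset/` or `file:///android_res/` URLs, so that callback cannot be used to filter them.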