Skip to content

[webview_flutter] Webview debugging is always enabled on Android #98521

Closed
flutter/plugins
#4859
Closed
[webview_flutter] Webview debugging is always enabled on Android#98521
flutter/plugins
#4859
Assignees
stuartmorgan-g
Labels
P1High-priority issues at the top of the work listc: regressionIt was better in the past than it is nowp: webviewThe WebView pluginpackageflutter/packages repository. See also p: labels.platform-androidAndroid applications specifically
@kubakolas

Description

@kubakolas
kubakolas
opened on Feb 15, 2022

Description

WebView class has debuggingEnabled parameter, but it's not used in Android webview_flutter_android module. In file webview_android_widget.dart there is a function which takes parameter enabled, but it's not used, true value is used instead:

  Future<void> setWebContentsDebuggingEnabled(bool enabled) {
    return android_webview.WebView.setWebContentsDebuggingEnabled(true);
  }

Link to the webview_android_widget.dart

As a result, regardless of the passed value, WebView always allows to debug its content even if apk is build in release mode. It can be dangerous in production app due to possible JavaScript injection attack by other applications installed on device.

Steps to reproduce

  1. Run the example app on Android device
  2. Open Chrome DevTools inspector - chrome://inspect/#devices

Expected results: WebView debugging shouldn't be enabled

Actual results: WebView debugging in enabled - app webview is visible in Chrome DevTools inspector

Metadata

Metadata

Assignees

Labels

P1High-priority issues at the top of the work listc: regressionIt was better in the past than it is nowp: webviewThe WebView pluginpackageflutter/packages repository. See also p: labels.platform-androidAndroid applications specifically

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions