react-native-webview high vulnerability UXSS


I started a new React Native app and tried to use a WebView for playing a YouTube video. It was OK the last time I used it, but this time when I install the package I get a high vulnerability message: "High Universal XSS in Android WebView". More info: https://npmjs.com/advisories/1560

My questions :

  • Can we use it despite this message, or will it be rejected by the Play Store?
  • Otherwise, do you know how to fix it? Or
  • do you know another way to do it (without using react-native-youtube)?

There is 1 answer

Ton Snoei

It is good that you are security aware!

Can we use it?

I don't think Google will reject your app. In other words, we launched a few apps using react-native-webview and did not experience any problem when launching on Google Play.

This vulnerability affects React Native apps which use a react-native-webview that allows navigation to arbitrary URLs. I don't think you use the webview that way.

So, yes, I think you can use it.

How to fix it?

As found in the advisory https://npmjs.com/advisories/1560:

Ensure users update their Android WebView system component via the Google Play Store to 83.0.4103.106 or higher to avoid this UXSS. 'react-native-webview' is working on a mitigation but it could take some time.

So you have to be patient and wait for a fix. The way you use it is safe.
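The answer notes that the advisory concerns WebViews that allow navigation to arbitrary URLs. The following is an added example, not part of the answer or of the react-native-webview project, showing one way to keep a video-only WebView on an allowlist of hosts; `ALLOWED_HOSTS` and `isAllowedNavigation` are hypothetical names, the host list is constructed for illustration, and a spec-compliant `URL` class is assumed.

```javascript
// Added example: strict host allowlist for a WebView that only shows YouTube embeds.
// ALLOWED_HOSTS and isAllowedNavigation are illustrative names, not library API.
// Assumption: a spec-compliant URL class is available (Node, or a URL polyfill
// in React Native).
const ALLOWED_HOSTS = new Set([
  'www.youtube.com',          // constructed list; adjust to what your embed needs
  'www.youtube-nocookie.com',
]);

function isAllowedNavigation(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch (e) {
    return false; // unparsable input is never loaded
  }
  // Only https: rejects javascript:, data:, file:, intent: and plain http.
  if (parsed.protocol !== 'https:') return false;
  // Reject userinfo tricks such as https://www.youtube.com@other.example/
  if (parsed.username || parsed.password) return false;
  // Exact hostname match: a suffix or substring test would accept
  // look-alikes such as www.youtube.com.other.example
  return ALLOWED_HOSTS.has(parsed.hostname);
}

// Wiring inside a component (shown as a comment so this file runs without React Native):
//
// <WebView
//   source={{ uri: 'https://www.youtube.com/embed/VIDEO_ID' }}
//   originWhitelist={['https://*']}
//   onShouldStartLoadWithRequest={(request) => isAllowedNavigation(request.url)}
// />
```

This narrows where the WebView can navigate; updating the Android System WebView component, as the advisory says, is still what removes the underlying bug.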