am 78f4342f: Merge "docs: WebView security notes for apps on pre-K devices" into lmp-docs automerge: e628954
automerge: d4cf09d * commit 'd4cf09d3a0f90d61386eb1713ef2ed4ade00c061': docs: WebView security notes for apps on pre-K devices
This commit is contained in:
Andrew Solovay
@@ -445,7 +445,17 @@ locally. Server-side
|
||||
headers like <code>no-cache</code> can also be used to indicate that an application should
|
||||
not cache particular content.</p>
|
||||
|
||||
|
||||
<p>Devices running platforms older than Android 4.4 (API level 19)
|
||||
use a version of {@link android.webkit webkit} that has a number of security issues.
|
||||
As a workaround, if your app is running on these devices, it
|
||||
should confirm that {@link android.webkit.WebView} objects display only trusted
|
||||
content. You should also use the updatable security {@link
|
||||
java.security.Provider Provider} object to make sure your app isn’t exposed to
|
||||
potential vulnerabilities in SSL, as described in <a
|
||||
href="{@docRoot}training/articles/security-gms-provider.html">Updating Your
|
||||
Security Provider to Protect Against SSL Exploits</a>. If your application must
|
||||
render content from the open web, consider providing your own renderer so
|
||||
you can keep it up to date with the latest security patches.</p>
|
||||
|
||||
|
||||
<h3 id="Credentials">Handling Credentials</h3>
|
||||
|
||||
Reference in New Issue
Block a user