[Android] Add a Platform Specific to allow disable js execution on the WebView #29446
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
Adds a new Android-specific API to enable or disable JavaScript execution in WebView, supporting a security-hardening initiative.
- Defines a bindable
JavaScriptEnabledproperty and fluent extensions on Android platform configuration. - Hooks up handler mapping (
MapJavaScriptEnabled) and runtime platform extension (UpdateJavaScriptEnabled). - Updates PublicAPI listings for the newly added methods and properties, and adds a sample toggle in the WebView gallery.
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Controls/src/Core/WebView/WebView.Mapper.cs | Registered the JavaScriptEnabled mapping on the handler |
| src/Controls/src/Core/WebView/WebView.Android.cs | Added MapJavaScriptEnabled method for Android handlers |
| src/Controls/src/Core/PlatformConfiguration/AndroidSpecific/WebView.cs | Introduced JavaScriptEnabledProperty and related APIs |
| src/Controls/src/Core/Platform/Android/Extensions/WebViewExtensions.cs | Implemented UpdateJavaScriptEnabled to toggle settings |
| src/Controls/src/Core/PublicAPI/**/PublicAPI.Unshipped.txt | Exposed new Android-specific API signatures for JS control |
| src/Controls/samples/Controls.Sample/Pages/Controls/WebViewGalleries/WebViewGallery.xaml(.cs) | Sample UI and event handler for toggling JavaScriptEnabled |
Comments suppressed due to low confidence (1)
src/Controls/src/Core/PlatformConfiguration/AndroidSpecific/WebView.cs:119
- No automated tests have been added for the new JavaScriptEnabled Android platform-specific property; please add relevant UI tests in TestCases.HostApp and shared tests in TestCases.Shared.Tests to cover this behavior.
public static readonly BindableProperty JavaScriptEnabledProperty = BindableProperty.Create("JavaScriptEnabled", typeof(bool), typeof(FormsElement), true);
src/Controls/samples/Controls.Sample/Pages/Controls/WebViewGalleries/WebViewGallery.xaml.cs
Outdated
Show resolved
Hide resolved
rmarinho
approved these changes
May 30, 2025
rmarinho
requested changes
May 30, 2025
Added a test, could you review it again? |
rmarinho
approved these changes
Jun 11, 2025
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of Change
Introduced a Platform-Specific that provides the ability to disable JavaScript execution within the Android WebView.
This change is part of an ongoing .NET MAUI threat modeling initiative aimed at identifying potential security risks and implementing proactive improvements to enhance application safety. This changes provides flexibility to enforce strict security policies based on app requirements.