Mobile Development 10.11 | webMethods Mobile SuiteWeb Help | webMethods Mobile Designer Native User Interface Reference | Mobile Designer Native User Interface | JavaScript Bridge | Maintaining Good Security
 
Maintaining Good Security
You must be aware that exchanging messages between JavaScript and Java can have various security implications. Therefore, you must consider which web pages may be loaded inside a nUIWebView or nUIWebviewElement, which messages may potentially be passed to and from that page, and how they are handled. You may consider implementing some or all of the items on this list:
*Checking Object.equals() on the nUIWebView or nUIWebviewElement making calls from JavaScript into Java.
*Using processURL() callbacks to create a URL whitelisting system and/or tracking the currently loaded web page.
*Passing a secret token into JavaScript from Java or an external server before accepting calls from JavaScript back into Java.
*Disabling callbacks with a boolean until they are expected.
*Obfuscating JavaScript code for release builds.