Maintaining Good Security
You must be aware that exchanging messages between JavaScript and Java can have various security implications. Therefore, you must consider which web pages may be loaded inside a nUIWebView or nUIWebviewElement, which messages may potentially be passed to and from that page, and how they are handled. You may consider implementing some or all of the items on this list:
Checking
Object.equals() on the
nUIWebView or
nUIWebviewElement making calls from JavaScript into Java.
Using
processURL() callbacks to create a URL whitelisting system and/or tracking the currently loaded web page.
Passing a secret token into JavaScript from Java or an external server before accepting calls from JavaScript back into Java.
Disabling callbacks with a boolean until they are expected.
Obfuscating JavaScript code for release builds.