javascriptandroidwebviewgoogle-playgoogle-play-console
Google Play Store Security Alert Says that your app contains Vulnerable JavaScript libraries how to remove the security warning?
In Google Play Store am getting warning below like this,
Your app contains one or more libraries with known security issues. Please see this Google Help Center article for details.
Vulnerable JavaScript libraries:
- Name --> jquery
- Version --> 3.3.1
- Known issues --> SNYK-JS-JQUERY-174006
- Identified files --> res/raw/jquery_min.js
Note: when loading webview in my app i will InterceptRequest in webview url and load the local jquery_min.js file from raw folder resource which helps us to load the webpage faster due this function and i save 5 gb download from server per month.
Sample WebView Program
LoadLocalScripts localScripts=new LoadLocalScripts(this);
webView.setWebViewClient(new WebViewClient() {
public boolean shouldOverrideUrlLoading(WebView view, String url) {
return true;
}
//Show loader on url load
public void onLoadResource(WebView view, String url) {
}
public void onPageFinished(WebView view, String url) {
}
@Override
public void onReceivedError(WebView view, int errorCode, String description, String failingUrl) {
}
@Override
public WebResourceResponse shouldInterceptRequest (final WebView view, String url) {
WebResourceResponse response= localScripts.getLocalSCripts(url);
if(response==null) {
return super.shouldInterceptRequest(view, url);
}else{
return response;
}
}
});
webView.loadUrl(url);
Class for Loading local scripts
public class LoadLocalScripts {
private Context ctx;
public LoadLocalScripts(Context context) {
ctx=context;
}
public WebResourceResponse getLocalSCripts(String url)
{
//Log.e("url_raw",url);
if (url.contains(".css")) {
if(url.contains("bootstrap.min.css")) {
return getCssWebResourceResponseFromRawResource("bootstrap_min.css");
}else {
return null;
}
}else if (url.contains(".js")){
if(url.contains("bootstrap.min.js")) {
return getScriptWebResourceResponseFromRawResource("bootstrap_min.js");
} else if(url.contains("jquery.lazyload.min.js")) {
return getScriptWebResourceResponseFromRawResource("lazyload_min.js");
} else{
return null;
}
} else {
return null;
}
}
/**
* Return WebResourceResponse with CSS markup from a raw resource (e.g. "raw/style.css").
*/
private WebResourceResponse getCssWebResourceResponseFromRawResource(String url) {
//Log.e("url_raw",url);
if(url.equalsIgnoreCase("bootstrap_min.css")) {
return getUtf8EncodedCssWebResourceResponse(ctx.getResources().openRawResource(R.raw.bootstrap_min));
}else {
return null;
}
}
private WebResourceResponse getScriptWebResourceResponseFromRawResource(String url) {
//Log.e("url_raw",url);
if(url.equalsIgnoreCase("bootstrap_min.js")) {
return getUtf8EncodedScriptWebResourceResponse(ctx.getResources().openRawResource(R.raw.bootstrap_min_js));
}else if(url.equalsIgnoreCase("lazyload_min.js")) {
return getUtf8EncodedScriptWebResourceResponse(ctx.getResources().openRawResource(R.raw.lazyload_min));
}else {
return null;
}
}
private WebResourceResponse getUtf8EncodedCssWebResourceResponse(InputStream data) {
return new WebResourceResponse("text/css", "UTF-8", data);
}
private WebResourceResponse getUtf8EncodedScriptWebResourceResponse(InputStream data) {
return new WebResourceResponse("text/javascript", "UTF-8", data);
}
}
- If i update new to Jquery script will google play remove Security Alert (Vulnerable JavaScript libraries)?
- If i place Jquery script somewhere else in my app will google play remove Security Alert?
- Let me know what is the efficient way of loading the script in webview without loading everytime from the server.
Solution
This issue refers to an old vulnerability of jquery from your res/raw/jquery_min.js file.
Just updated the jquery_min.js to v3.4.1 and fix it.
You can fix it manually in your file change in the code:
From:
if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)||
To:
if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(k.isPlainObject(r)||
I found this solution in https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/ and worked for me.
- Failed to resolve: lib
- TypeError: Cannot destructure property 'company' of 'jobs[value]' as it is undefined
- React hooks: call component as function vs render as element
- View a Javascript method's contents in Chrome console
- Can the Monaco Editor use different line numbering based on the model?
- Creating Internal Loops Dynamically
- Time difference function giving negative value
- Get interaction's reponse message object discord.js
- How to specify browser language in Puppeteer
- JS array is adding the first selected items value plus the new one with it
- how to rate limit next.js server actions?
- Override functions of the page in a Firefox extension content script
- how to replace `bind(this)` in es6
- Change border colors of TinyMCE on focus and blur
- How do I get Tailwind's active breakpoint in JavaScript?
- How to implement click event or data point selection on apexCharts?
- How to send proactive message in a cron with botframework using javascript?
- why was `ResizeObserver` introduced to listen to resize changes and not a simpler Element.prototype.addEventListener('resize', callback)
- Js remove all classes from element
- localhost:300/api is not working : "This page isn’t working"
- Show a default image if src image is not found
- Sorting a HTML table
- Where are anonymous callback functions to setTimeout stored?
- Add numbers in a object within a JavasScript array from an index below a value and return value
- Axios CDN link refused to load
- Encode HTML entities in JavaScript
- How can I remove a specific item from an array in JavaScript?
- Fluid dynamic simulation, with obstacles
- Comparing two similar objects (holding same keys) and returning key value pairs that are different
- Defer execution for ES6 Template Literals