(#) Missing @JavascriptInterface on methods !!! ERROR: Missing @JavascriptInterface on methods This is an error. Id : `JavascriptInterface` Summary : Missing @JavascriptInterface on methods Severity : Error Category : Security Platform : Android Vendor : Android Open Source Project Feedback : https://issuetracker.google.com/issues/new?component=192708 Since : Initial Affects : Kotlin and Java files Editing : This check runs on the fly in the IDE editor See : https://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface(java.lang.Object, java.lang.String) See : https://goo.gle/JavascriptInterface Implementation : [Source Code](https://cs.android.com/android-studio/platform/tools/base/+/mirror-goog-studio-main:lint/libs/lint-checks/src/main/java/com/android/tools/lint/checks/JavaScriptInterfaceDetector.kt) Tests : [Source Code](https://cs.android.com/android-studio/platform/tools/base/+/mirror-goog-studio-main:lint/libs/lint-tests/src/test/java/com/android/tools/lint/checks/JavaScriptInterfaceDetectorTest.kt) Copyright Year : 2013 As of API 17, you must annotate methods in objects registered with the `addJavascriptInterface` method with a `@JavascriptInterface` annotation. (##) Example Here is an example of lint warnings produced by this check: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~text src/test/pkg/JavaScriptTest.java:11:Error: None of the methods in the added interface (NonAnnotatedObject) have been annotated with @android.webkit.JavascriptInterface; they will not be visible in API 17 [JavascriptInterface] webview.addJavascriptInterface(new NonAnnotatedObject(), "myobj"); ---------------------- src/test/pkg/JavaScriptTest.java:14:Error: None of the methods in the added interface (NonAnnotatedObject) have been annotated with @android.webkit.JavascriptInterface; they will not be visible in API 17 [JavascriptInterface] webview.addJavascriptInterface(o, "myobj"); ---------------------- src/test/pkg/JavaScriptTest.java:21:Error: None of the methods in the added interface (NonAnnotatedObject) have been annotated with @android.webkit.JavascriptInterface; they will not be visible in API 17 [JavascriptInterface] webview.addJavascriptInterface(object2, "myobj"); ---------------------- src/test/pkg/JavaScriptTest.java:32:Error: None of the methods in the added interface (NonAnnotatedObject) have been annotated with @android.webkit.JavascriptInterface; they will not be visible in API 17 [JavascriptInterface] webview.addJavascriptInterface(t, "myobj"); ---------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Here are the relevant source files: `src/test/pkg/AnnotatedObject.java`: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~java linenumbers package test.pkg; import android.webkit.JavascriptInterface; @SuppressWarnings("ClassNameDiffersFromFileName") public class AnnotatedObject { @JavascriptInterface public void test1() { } public void test2() { } @JavascriptInterface public void test3() { } } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ `src/test/pkg/InheritsFromAnnotated.java`: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~java linenumbers package test.pkg; import android.webkit.JavascriptInterface; @SuppressWarnings("ClassNameDiffersFromFileName") public class InheritsFromAnnotated extends AnnotatedObject { @Override public void test1() { } @Override public void test2() { } } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ `src/test/pkg/NonAnnotatedObject.java`: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~java linenumbers package test.pkg; @SuppressWarnings("ClassNameDiffersFromFileName") public class NonAnnotatedObject { public void test1() { } public void test2() { } } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ `src/test/pkg/JavaScriptTest.java`: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~java linenumbers package test.pkg; import android.annotation.SuppressLint; import android.webkit.WebView; @SuppressWarnings({"ClassNameDiffersFromFileName", "MethodMayBeStatic"}) public class JavaScriptTest { public void test(WebView webview) { webview.addJavascriptInterface(new AnnotatedObject(), "myobj"); webview.addJavascriptInterface(new InheritsFromAnnotated(), "myobj"); webview.addJavascriptInterface(new NonAnnotatedObject(), "myobj"); Object o = new NonAnnotatedObject(); webview.addJavascriptInterface(o, "myobj"); o = new InheritsFromAnnotated(); webview.addJavascriptInterface(o, "myobj"); } public void test(WebView webview, AnnotatedObject object1, NonAnnotatedObject object2) { webview.addJavascriptInterface(object1, "myobj"); webview.addJavascriptInterface(object2, "myobj"); } @SuppressLint("JavascriptInterface") public void testSuppressed(WebView webview) { webview.addJavascriptInterface(new NonAnnotatedObject(), "myobj"); } public void testLaterReassignment(WebView webview) { Object o = new NonAnnotatedObject(); Object t = o; webview.addJavascriptInterface(t, "myobj"); o = new AnnotatedObject(); } } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can also visit the [source code](https://cs.android.com/android-studio/platform/tools/base/+/mirror-goog-studio-main:lint/libs/lint-tests/src/test/java/com/android/tools/lint/checks/JavaScriptInterfaceDetectorTest.kt) for the unit tests for this check to see additional scenarios. The above example was automatically extracted from the first unit test found for this lint check, `JavaScriptInterfaceDetector.test`. To report a problem with this extracted sample, visit https://issuetracker.google.com/issues/new?component=192708. (##) Suppressing You can suppress false positives using one of the following mechanisms: * Using a suppression annotation like this on the enclosing element: ```kt // Kotlin @Suppress("JavascriptInterface") fun method() { addJavascriptInterface(...) } ``` or ```java // Java @SuppressWarnings("JavascriptInterface") void method() { addJavascriptInterface(...); } ``` * Using a suppression comment like this on the line above: ```kt //noinspection JavascriptInterface problematicStatement() ``` * Using a special `lint.xml` file in the source tree which turns off the check in that folder and any sub folder. A simple file might look like this: ```xml <?xml version="1.0" encoding="UTF-8"?> <lint> <issue id="JavascriptInterface" severity="ignore" /> </lint> ``` Instead of `ignore` you can also change the severity here, for example from `error` to `warning`. You can find additional documentation on how to filter issues by path, regular expression and so on [here](https://googlesamples.github.io/android-custom-lint-rules/usage/lintxml.md.html). * In Gradle projects, using the DSL syntax to configure lint. For example, you can use something like ```gradle lintOptions { disable 'JavascriptInterface' } ``` In Android projects this should be nested inside an `android { }` block. * For manual invocations of `lint`, using the `--ignore` flag: ``` $ lint --ignore JavascriptInterface ...` ``` * Last, but not least, using baselines, as discussed [here](https://googlesamples.github.io/android-custom-lint-rules/usage/baselines.md.html).