Replace eval() with a secure alternative #2745
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
Dears,
eval() is unsafe and introduces a significant security risk, especially when used inside iframes. In addition:
eval() can silently fail due to the ignored catch block.
Many browsers block or restrict JavaScript evaluation inside cross-origin iframes, causing inconsistent behavior.
This update removes eval() and replaces it with a more secure and reliable implementation.
Regards
Expected Behavior
eval() is unsafe and introduces a significant security risk, especially when used inside iframes. In addition:
eval() can silently fail due to the ignored catch block.
Many browsers block or restrict JavaScript evaluation inside cross-origin iframes, causing inconsistent behavior.
This update removes eval() and replaces it with a more secure and reliable implementation.
Steps with code example to reproduce
Steps with code example to reproduce
open file in path flutter_inappwebview_web/assets/web/web_support.js to see the eval function
Stacktrace/Logs
Stacktrace/Logs
<Replace this line by pasting your stacktrace or logs here>
Flutter version
Flutter 3.35.4 • channel stable
Operating System, Device-specific and/or Tool
Flutter 3.35.4 • channel stable • https://github.com/flutter/flutter.git
Plugin version
6.1.5
Additional information
No response
Self grab
- I'm ready to work on this issue!