v11.0.0
·
359 commits
to master
since this release
11.0.0 (2020-11-24)
Features
- android: Introduce setSupportMultipleWindows to mitigate CVE-2020-6506 (#1747 by @mrcoinbase and @kelset -- THANK YOU!) (194c6a2)
BREAKING CHANGES
- android: This release introduces the
setSupportMultipleWindowsprop for Android. This sets the underlying Android WebView settingsetSupportMultipleWindows. This prop defaults totrue(previouslyfalse), and serves to mitigate the security advisory CVE-2020-6506.
The primary way this new behavior changes existing React Native WebView implementations on Android is that links that open in new tabs/windows (such as <a target="_blank">) will now prompt to open in the system browser, rather than re-using the current WebView.
If this behavior is not desirable, you can set this new prop to false, but be aware that this exposes your app to the security vulnerability listed above. Make sure you have read and understand the whole advisory and relevant links.
iOS & Windows are unaffected.
<WebView
// ...
setSupportMultipleWindows={true} // default: true
/>Thanks to @mrcoinbase, @kelset, and @Titozzz for their work on this.