Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
# [11.0.0](react-native-webview/react-native-webview@v10.10.2...v11.0.0) (2020-11-24) ### Features * **android:** Introduce setSupportMultipleWindows to mitigate CVE-2020-6506 ([#1747](react-native-webview/react-native-webview#1747) by [@mrcoinbase](https://github.com/mrcoinbase) and [@kelset](https://github.com/kelset) -- THANK YOU!) ([194c6a2](react-native-webview/react-native-webview@194c6a2)) ### BREAKING CHANGES * **android:** This release introduces the `setSupportMultipleWindows` prop for Android. This sets the underlying Android WebView setting `setSupportMultipleWindows`. This prop defaults to `true` (previously `false`), and serves to mitigate the security advisory [CVE-2020-6506](GHSA-36j3-xxf7-4pqg). The primary way this new behavior changes existing React Native WebView implementations on Android is that links that open in new tabs/windows (such as `<a target="_blank">`) will now prompt to open in the system browser, rather than re-using the current WebView. If this behavior is not desirable, you can set this new prop to `false`, but be aware that this exposes your app to the security vulnerability listed above. Make sure you have read and understand the whole advisory and relevant links. iOS & Windows are unaffected. ```jsx <WebView // ... setSupportMultipleWindows={true} // default: true /> ``` Thanks to @mrcoinbase, @kelset, and @Titozzz for their work on this.
- Loading branch information