Description
Is this a bug report?
(Yes)
Have you read the Contributing Guidelines?
(Yes)
Environment
com.facebook.react:react-native:0.44.0
Steps to Reproduce
When the user chooses to save the user name and password entered in the WebView, they are explicitly stored in the databases/webview.db of the application data directory, because of ignoring the WebView setSavePassword. If the phone is root you can get the plaintext saved password, resulting in the user's personal sensitive data leakage.
Several methods may cause this loophole are found as follows:
Lcom/facebook/react/views/webview/ReactWebViewManager; receiveCommand (Landroid/webkit/WebView; I Lcom/facebook/react/bridge/ReadableArray;)V-->Landroid/webkit/WebView; loadUrl (Ljava/lang/String;)V
Lcom/facebook/react/views/webview/ReactWebViewManager; receiveCommand (Landroid/webkit/WebView; I Lcom/facebook/react/bridge/ReadableArray;)V-->Landroid/webkit/WebView; loadUrl (Ljava/lang/String;)V
Lcom/facebook/react/views/webview/ReactWebViewManager; setSource (Landroid/webkit/WebView; Lcom/facebook/react/bridge/ReadableMap;)V-->Landroid/webkit/WebView; loadUrl (Ljava/lang/String; Ljava/util/Map;)V
Lcom/facebook/react/views/webview/ReactWebViewManager; setSource (Landroid/webkit/WebView; Lcom/facebook/react/bridge/ReadableMap;)V-->Landroid/webkit/WebView; loadUrl (Ljava/lang/String;)V
By calling WebView.getSettings().setSavePassword(false) can prohibit users from saving passwords, which may avoid this loophole.
http://developer.android.com/reference/android/webkit/WebSettings.html#setSavePassword(boolean)
Expected Behavior
(Write what you thought would happen.)
Actual Behavior
(Write what happened. Add screenshots!)
Reproducible Demo
(Paste the link to an example project and exact instructions to reproduce the issue.)