rspec/rules/S7409/description.adoc

Using JavaScript interfaces in WebViews to expose Java objects is unsafe. Doing so allows JavaScript
to invoke Java methods, potentially giving attackers access to data or sensitive app functionality.
WebViews might include untrusted sources such as third-party iframes, making this functionality
particularly risky. As JavaScript interfaces are passed to every frame in the WebView, those iframes
are also able to access the exposed Java object.
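
The pattern described above next to a narrower alternative, as an added example that is not part of the rule description or the project's own code. The class `ProfileApi`, the object name `profile` and the origin `https://app.example.com` are hypothetical, and the second method assumes the AndroidX `androidx.webkit` library is available.

```java
import android.webkit.JavascriptInterface;
import android.webkit.WebView;
import androidx.webkit.WebViewCompat;
import androidx.webkit.WebViewFeature;
import java.util.Collections;
import java.util.Set;

public final class WebViewBridge {
    // Hypothetical first-party origin; only frames from it receive the bridge.
    private static final Set<String> ALLOWED_ORIGINS =
            Collections.singleton("https://app.example.com");

    /** Hypothetical Java object giving access to app data. */
    public static final class ProfileApi {
        @JavascriptInterface
        public String getUserEmail() { return "user@example.com"; } // constructed value
    }

    // Noncompliant: "profile" is injected into every frame of the WebView,
    // so a third-party iframe can call profile.getUserEmail() as well.
    static void exposeToAllFrames(WebView webView) {
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new ProfileApi(), "profile");
    }

    // Alternative: the "profile" message object is injected only into frames
    // whose origin matches ALLOWED_ORIGINS, and each message is checked again.
    static void exposeToTrustedOrigin(WebView webView, ProfileApi api) {
        if (!WebViewFeature.isFeatureSupported(WebViewFeature.WEB_MESSAGE_LISTENER)) {
            return; // fail closed: do not fall back to addJavascriptInterface
        }
        webView.getSettings().setJavaScriptEnabled(true);
        WebViewCompat.addWebMessageListener(webView, "profile", ALLOWED_ORIGINS,
            (view, message, sourceOrigin, isMainFrame, replyProxy) -> {
                // Serve only the top-level document and only the one known request.
                if (!isMainFrame || !"getUserEmail".equals(message.getData())) {
                    return;
                }
                replyProxy.postMessage(api.getUserEmail());
            });
    }
}
```

With the second method, page script in an allowed frame calls `profile.postMessage("getUserEmail")` and reads the reply in `profile.onmessage`; frames from other origins never see the `profile` object.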