WebViews can be used to display web content as part of a mobile application. A
browser engine is used to render and display the content. Like a web
application, a mobile application that uses WebViews can be vulnerable to
Cross-Site Scripting if untrusted code is rendered.

If malicious JavaScript code in a WebView is executed this can leak the contents
of sensitive files when access to local files is enabled.