10 lines
654 B
Plaintext
10 lines
654 B
Plaintext
WebViews can be used to display web content as part of a mobile application. A
|
|
browser engine is used to render and display the content. Like a web
|
|
application, a mobile application that uses WebViews can be vulnerable to
|
|
Cross-Site Scripting if untrusted code is rendered. In the context of a WebView,
|
|
JavaScript code can exfiltrate local files that might be sensitive or even
|
|
worse, access exposed functions of the application that can result in more
|
|
severe vulnerabilities such as code injection. Thus JavaScript support should
|
|
not be enabled for WebViews unless it is absolutely necessary and the
|
|
authenticity of the web resources can be guaranteed.
|