6b9c19eceb
* Close S7201 * Update S6363 with updated descriptions * Update OWASP categories with S7201 info
8 lines
556 B
Plaintext
8 lines
556 B
Plaintext
Exposing the Android file system to WebViews is security-sensitive.
|
|
|
|
Granting file access to WebViews, particularly through the `file://` scheme, introduces a risk of local file inclusion
|
|
vulnerabilities. The severity of this risk depends heavily on the specific `WebSettings` configured. Overly permissive
|
|
settings can allow malicious scripts to access a wide range of local files, potentially exposing sensitive data such as
|
|
Personally Identifiable Information (PII) or private application data, leading to data breaches and other security
|
|
compromises.
|