6b9c19eceb
* Close S7201 * Update S6363 with updated descriptions * Update OWASP categories with S7201 info
8 lines
443 B
Plaintext
8 lines
443 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
Avoid opening `file://` URLs from external sources in WebView components. If your application accepts arbitrary URLs
|
|
from external sources, do not enable this functionality. Instead, utilize `androidx.webkit.WebViewAssetLoader` to access
|
|
files, including assets and resources, via `http(s)://` schemes.
|
|
|
|
For enhanced security, ensure that the options to load `file://` URLs are explicitly set to false.
|