Recorded calls to dangerous WebView settings API
Description
List of all WebView methods used in the application.
Recommendation
If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally.
Any URI received via an intent from outside a trust boundary should be validated before it is rendered with WebView.
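The following activity is an added example, not code from the original page, showing both recommendations together: the intent URI is checked against an allowlist before it is loaded, and the cache is cleared when the activity is destroyed. The class name `SafeWebViewActivity` and the hosts in `ALLOWED_HOSTS` are placeholder assumptions.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class SafeWebViewActivity extends Activity {
    // Assumption: placeholder allowlist of hosts this app may render.
    private static final List<String> ALLOWED_HOSTS = Arrays.asList("example.com", "www.example.com");
    private WebView webView;

    // Accept only https URIs, without userinfo, whose host is allowlisted.
    static boolean isTrusted(Uri uri) {
        if (uri == null || !"https".equalsIgnoreCase(uri.getScheme())) return false;
        if (uri.getUserInfo() != null) return false;
        String host = uri.getHost();
        return host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    @Override protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        webView = new WebView(this);
        setContentView(webView);
        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(false);  // enable only if the content needs it
        s.setAllowFileAccess(false);    // no file:// access (DRD02-J)
        s.setAllowContentAccess(false); // no content:// access
        // No addJavascriptInterface(): untrusted pages get no bridge (DRD13).
        webView.setWebViewClient(new WebViewClient() {
            @Override public boolean shouldOverrideUrlLoading(WebView v, WebResourceRequest r) {
                return !isTrusted(r.getUrl()); // true = block the navigation
            }
        });
        Uri uri = getIntent().getData(); // supplied by the caller of this activity
        if (!isTrusted(uri)) { finish(); return; } // refuse anything off the allowlist
        webView.loadUrl(uri.toString());
    }

    @Override protected void onDestroy() {
        webView.clearCache(true); // true also deletes cached files on disk
        webView.destroy();
        super.onDestroy();
    }
}
```

The `WebViewClient` override applies the same check to later navigations, so a trusted first page cannot lead the WebView to a host outside the allowlist.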
Links
- DRD02-J. Do not allow WebView to access sensitive local resource through file scheme (CERT Secure Coding)
- DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content (CERT Secure Coding)
Standards
- OWASP_MASVS_L1:
  - MSTG_PLATFORM_2
- OWASP_MASVS_L2:
  - MSTG_PLATFORM_2