Call to dangerous WebView settings API
Description
List of all WebView methods used in the application.
Recommendation
If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally.
Any URI received via an intent from outside a trust boundary should be validated before it is rendered with WebView.
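One way to apply both recommendations in an Activity, as an added example that is not part of the original rule text. The class name `SafeWebViewActivity` and the host allow-list are assumptions made for illustration.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.WebSettings;
import android.webkit.WebView;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added example; the class name and ALLOWED_HOSTS are hypothetical.
public class SafeWebViewActivity extends Activity {
    // Assumption: the only hosts this app is expected to render.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("www.example.com", "help.example.com"));
    private WebView webView;
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        webView = new WebView(this);
        setContentView(webView);
        WebSettings settings = webView.getSettings();
        settings.setJavaScriptEnabled(false);   // enable only if the content needs it
        settings.setAllowFileAccess(false);     // no file:// loads (DRD02-J)
        settings.setAllowContentAccess(false);  // no content:// loads
        // No addJavascriptInterface() call: the content is not fully trusted (DRD13).
        Uri uri = getIntent().getData();
        if (isAllowed(uri)) {
            webView.loadUrl(uri.toString());
        } else {
            finish(); // reject URIs that fail validation instead of rendering them
        }
    }
    // Accept only hierarchical https URIs whose host is on the allow-list.
    static boolean isAllowed(Uri uri) {
        if (uri == null || !uri.isHierarchical()) return false;
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        if (uri.getUserInfo() != null) return false; // avoid user@host confusion
        String host = uri.getHost();
        return host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    @Override
    protected void onDestroy() {
        webView.clearCache(true); // true also deletes cached files on disk
        webView.destroy();
        super.onDestroy();
    }
}
```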
Links
- DRD02-J. Do not allow WebView to access sensitive local resource through file scheme (CERT Secure Coding)
- DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content (CERT Secure Coding)
Standards
- OWASP_MASVS_L1:
  - MSTG_PLATFORM_3
  - MSTG_PLATFORM_5
- OWASP_MASVS_L2:
  - MSTG_PLATFORM_3
  - MSTG_PLATFORM_5