    Webview-baseurl

    Swift webview config base url

    UIWebView instances were observed where the baseURL is set to nil, a misconfiguration that allows for origin abuse within the webview. To remove the effective origin, the application should explicitly set the baseURL to about:blank or similar.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-272: Least Privilege Violation
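
The pattern this rule describes, next to the corrected call, as an added example (not code from CodeAnt or from the rule itself). The function names and the `ArticleViewController` class are hypothetical; `loadHTMLString(_:baseURL:)` is the UIKit API the rule is about.

```swift
import UIKit

// Hypothetical view controller that renders an HTML string it received
// from outside the app (for example a server response or a file).
final class ArticleViewController: UIViewController {
    private let webView = UIWebView()

    override func viewDidLoad() {
        super.viewDidLoad()
        webView.frame = view.bounds
        view.addSubview(webView)
    }

    // Reported by the rule: baseURL is nil, the misconfiguration the
    // description above says allows origin abuse within the webview.
    func renderFlagged(_ html: String) {
        webView.loadHTMLString(html, baseURL: nil)
    }

    // Corrected form: the base URL is set explicitly to about:blank,
    // as the rule recommends, so the content has no effective origin.
    func renderFixed(_ html: String) {
        webView.loadHTMLString(html, baseURL: ArticleViewController.blankBase)
    }

    // One shared constant keeps call sites from passing nil by habit.
    // URL(string:) returns an optional; "about:blank" is a valid URL string,
    // so the force unwrap here cannot fail at runtime.
    private static let blankBase = URL(string: "about:blank")!
}
```

Routing every HTML-string load through a single helper such as `renderFixed` makes a remaining `baseURL: nil` call site easy to find in review.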
