
Swift webview config base url

swift-webview-config-base-url

UIWebView instances were observed where the baseURL is misconfigured as nil, which allows for origin abuse within the webview. In order to remove the effective origin, the application should explicitly set the baseURL to about:blank or similar.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-272: Least Privilege Violation
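
The flagged call beside the corrected one, as an added example that is not part of the rule page or of CodeAnt's own code. The class name, method names and the sample HTML are hypothetical and constructed for illustration.

```swift
import UIKit

// Hypothetical view controller (name and methods are assumptions for this
// example). It renders an HTML string held in memory inside a UIWebView,
// the deprecated class this rule is written against.
final class HelpViewController: UIViewController {
    private let webView = UIWebView()

    // Constructed sample content; a real app would build or download this.
    private let sampleHTML = """
    <html><body><h1>Help</h1><p>Constructed sample page.</p></body></html>
    """

    override func viewDidLoad() {
        super.viewDidLoad()
        webView.frame = view.bounds
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        view.addSubview(webView)
        renderHardened(sampleHTML)
    }

    // Flagged pattern: baseURL is nil, so the application leaves the
    // effective origin of the loaded document unspecified. This is the
    // misconfiguration the rule description refers to.
    func renderFlagged(_ html: String) {
        webView.loadHTMLString(html, baseURL: nil)
    }

    // Corrected pattern: the base URL is set explicitly to about:blank,
    // as the rule recommends, which removes the effective origin from
    // the rendered content.
    func renderHardened(_ html: String) {
        webView.loadHTMLString(html, baseURL: URL(string: "about:blank"))
    }
}
```

During review, every `loadHTMLString` call site whose `baseURL:` argument is the literal `nil` is a candidate for this finding.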