CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
        • Biometrics-and-auth
        • Commoncrypto
        • Cryptoswift
        • Insecure-communication
        • Lang
        • Pathtraversal
        • Sql
        • Sqllite
        • Webview
        • Webview
          • Webview-allow-js
          • Webview-baseurl
          • Webview-evaluatejavascript-xss
            • Swift evaluate js
          • Webview-fileaccess
          • Webview-fraudulent
          • Webview-https
          • Webview-loadhtmlstring-xss
          • Webview-permission-readaccess
          • Webview-universal-fileaccess
      • Terraform
      • Typescript
      • Yaml
    Webview-evaluatejavascript-xss

    Swift evaluate js

    Potential cross site scripting (XSS) occurs due to untrusted input being loaded into a WebView. The impact of such issues can vary depending on the features, permissions and exposure of data & functionality that the WebView contains. For example, in some applications the presence of JavaScript bridges may allow for the instrumentation of application code, and potentially arbitrary code execution in the context of the app. In other instances, it may be possible to manipulate the DOM to redraw the UI and phish users, or execute other typical XSS attacks.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
    OWASP:
    - A07:2017 - Cross-Site Scripting (XSS)
    - A03:2021 - Injection

    Swift webview config base urlSwift webview config allows file access
    twitterlinkedin
    Powered by Mintlify