This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview[1][2]
[{$pagename}] is an [Embedded user-agent] and typically a web browser UI component that can be embedded in apps to render web pages.
!! [Vulnerability][3]
That depends on how you use [{$pagename}] with your app.
For example, the Gmail app uses [{$pagename}] to view emails in a very safe way. The major risk comes from loading arbitrary 3rd-party content into your [{$pagename}].
[System browsers] deal with this problem by sandboxing web pages inside separate processes, so even if the page code exploits some security vulnerability of the rendering engine and gains control over it, it still would not be able to act on behalf of the [System browsers]. [{$pagename}] is single-process, so any security [vulnerability] in the renderer engine practically grants any malicious code the same rights as your application has.
Loading in an [iframe] will not help if the page is exploiting some renderer vulnerability via [JavaScript]. If you don't fully [trust] your third party, you should not use any code from them.
So basically, the rule for safe [{$pagename}] use is to only load trusted content. If you need to display user-provided content, accept plain text only and sanitize it. Avoid enabling [JavaScript]. Target the most recent [API] level.
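The rules above applied to an Android WebView, as an added example that is not code from the referenced sources. The class name `TrustedWebView` and the host `app.example.com` are assumptions for illustration; navigations to any other host are handed to the system browser instead of being rendered in-process.

```java
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.net.Uri;
import android.text.TextUtils;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not from the page): restricts a WebView to trusted content. */
public final class TrustedWebView {
    // Assumption: the single first-party host this app trusts.
    private static final Set<String> TRUSTED_HOSTS = Collections.singleton("app.example.com");

    static boolean isTrusted(Uri uri) {
        String host = uri.getHost();
        // Exact match on scheme and host; no prefix, suffix or substring matching.
        return "https".equals(uri.getScheme()) && host != null
                && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void harden(WebView webView) {
        WebSettings settings = webView.getSettings();
        settings.setJavaScriptEnabled(false);  // stays off unless the content is fully trusted
        settings.setAllowFileAccess(false);    // no file:// loads
        settings.setAllowContentAccess(false); // no content:// loads
        webView.setWebViewClient(new WebViewClient() {
            @Override // this overload requires API level 24 or later
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                Uri uri = request.getUrl();
                if (isTrusted(uri)) return false; // render inside the WebView
                try { // everything else goes to the external user-agent
                    view.getContext().startActivity(new Intent(Intent.ACTION_VIEW, uri));
                } catch (ActivityNotFoundException e) {
                    // No app can open this URI: drop the navigation rather than render it.
                }
                return true;
            }
        });
    }

    // User-provided content is shown as escaped plain text, never as markup.
    public static void showUserText(WebView webView, String userText) {
        String html = "<pre>" + TextUtils.htmlEncode(userText) + "</pre>";
        webView.loadDataWithBaseURL(null, html, "text/html", "UTF-8", null);
    }
}
```

`shouldOverrideUrlLoading` is not invoked for URLs the app passes to `loadUrl()` itself, so the same `isTrusted` check belongs in front of every `loadUrl()` call.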
The preferred method is to make use of the [External User-Agent].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Apple WebView|https://developer.apple.com/library/mac/documentation/Cocoa/Reference/WebKit/Classes/WebView_Class/|target='_blank'] - based on information obtained 2016-01-15
* [#2] - [Android WebView|https://developer.android.com/reference/android/webkit/WebView.html|target='_blank'] - based on information obtained 2016-01-15
* [#3] - [Security risks for using WebView (IOS,Android)|https://stackoverflow.com/questions/32356646/security-risks-for-using-webview-ios-android|target='_blank'] - based on information obtained 2016-01-15