mirror of
https://github.com/FuzzingLabs/fuzzforge_ai.git
synced 2026-02-13 05:52:45 +00:00
17 lines
444 B
YAML
17 lines
444 B
YAML
rules:
|
|
- id: webview-javascript-enabled
|
|
severity: ERROR
|
|
languages: [java]
|
|
message: "WebView with JavaScript enabled can be dangerous if loading untrusted content."
|
|
metadata:
|
|
authors:
|
|
- Guerric ELOI (FuzzingLabs)
|
|
owasp-mobile: M7
|
|
category: webview
|
|
area: ui
|
|
verification-level: [L1]
|
|
paths:
|
|
include:
|
|
- "**/*.java"
|
|
pattern: "$W.getSettings().setJavaScriptEnabled(true)"
|