Java: documentation cleanup for WebView file access query

2026-05-01 19:55:15 +02:00 · 2022-11-14 15:14:09 -05:00
parent 7a0544d80e
commit 2fb9536847
1 changed files with 2 additions and 14 deletions
--- a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.qhelp
+++ b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.qhelp
@@ -6,8 +6,8 @@
    <p>
      File access in an Android WebView can expose the device's file system to
      the JavaScript running in the WebView. If there are vulnerabilities in the
-      JavaScript, file access may allow an attacker to access or steal the
-      user's data.
+      JavaScript or untrusted content is loaded in the WebView, file access may
+      allow an attacker to access or steal the user's data.
    </p>
  </overview>

@@ -40,18 +40,6 @@
    <li>
      Android documentation: <a href="https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccessFromFileURLs(boolean)">WebSettings.setAllowFileAccessFromFileURLs</a>.
    </li>
-    <li>
-      Android documentation: <a href="https://developer.android.com/reference/android/webkit/WebSettings#setAllowUniversalAccessFromFileURLs(boolean)">WebSettings.setAllowUniversalAccessFromFileURLs</a>.
-    </li>
-    <li>
-      File access from URLs is enabled for WebView: <a href="https://oversecured.com/vulnerabilities#Android/File_access_from_file_URLs_is_enabled_for_WebView">File access for URLs is enabled for WebView</a>.
-    </li>
-    <li>
-      File access is enabled for WebView: <a href="https://oversecured.com/vulnerabilities#Android/File_access_is_enabled_for_WebView">File access is enabled for WebView</a>.
-    </li>
-    <li>
-      Universal file access from file URLs is enabled for WebView: <a href="https://oversecured.com/vulnerabilities#Android/Universal_file_access_from_file_URLs_is_enabled_for_WebView">Universal file access from file URLs is enabled for WebView</a>.
-    </li>
  </references>

 </qhelp>