From ebc2bd9a58033cfbf630ea0b433b393a54c4e89a Mon Sep 17 00:00:00 2001 From: luchua-bc Date: Mon, 15 Jun 2020 21:26:39 +0000 Subject: [PATCH] Text changes to the help file --- .../Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp b/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp index fcae00945a2..653b1a6a2a5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp @@ -13,11 +13,11 @@ -

Only allow trusted web contents to be displayed in WebViews when JavaScript is enabled. And disallow universal resource access in WebSetting to reduce the attack surface .

+

Only allow trusted web contents to be displayed in WebViews when JavaScript is enabled. And disallow universal resource access in WebSettings to reduce the attack surface .

-

The following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, setting is enabled and JavaScript is enabled while urls are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web contents are allowed to be loaded.

+

The following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, universal resource access is enabled and JavaScript is enabled while urls are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web contents are allowed to be loaded.
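Review bot: the added recommendation line still carries the stray space before the period ("attack surface .") and a second sentence that starts with "And". Since this commit is a text cleanup, fix both here, for example: "Only allow trusted web content to be displayed in WebViews when JavaScript is enabled, and disallow universal resource access in WebSettings to reduce the attack surface." In the added example paragraph, "urls" should be "URLs". The 'GOOD' description there only mentions disabling JavaScript or loading trusted content, while the 'BAD' description now names universal resource access explicitly; consider stating whether universal resource access is also disabled in the 'GOOD' configuration so the two descriptions line up with the recommendation.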

@@ -28,4 +28,4 @@ OWASP - Testing WebView Protocol Handlers (MSTG-PLATFORM-5 and MSTG-PLATFORM-6) - \ No newline at end of file +