Text changes to the help file

2026-01-05 18:50:23 +01:00 · 2020-06-15 21:26:39 +00:00
parent bd0c577ffd
commit ebc2bd9a58
1 changed files with 3 additions and 3 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.qhelp
@@ -13,11 +13,11 @@
  </overview>

  <recommendation>
-    <p>Only allow trusted web contents to be displayed in WebViews when JavaScript is enabled. And disallow universal resource access in WebSetting to reduce the attack surface .</p>
+    <p>Only allow trusted web contents to be displayed in WebViews when JavaScript is enabled. And disallow universal resource access in WebSettings to reduce the attack surface .</p>
  </recommendation>

  <example>
-    <p>The following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, setting is enabled and JavaScript is enabled while urls are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web contents are allowed to be loaded.</p>
+    <p>The following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, universal resource access is enabled and JavaScript is enabled while urls are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web contents are allowed to be loaded.</p>
    <sample src="UnsafeAndroidAccess.java" />
  </example>

@@ -28,4 +28,4 @@
      <a href="https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md">OWASP - Testing WebView Protocol Handlers (MSTG-PLATFORM-5 and MSTG-PLATFORM-6)</a>
    </li>
  </references>
-</qhelp>
+</qhelp>