Commit fccb581

d10c and sabrowning1 authored
Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp
Co-authored-by: Sam Browning <[email protected]>
1 parent cb7d9d5 commit fccb581

1 file changed

+1
-1
lines changed

swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp

Lines changed: 1 addition & 1 deletion
@@ -8,7 +8,7 @@
88
</overview>
99
<recommendation>
1010

11-
<p>When loading JavaScript into a web view, evaluate only known, locally-defined source code. If a part of the input does come from a remote source, instead of injecting it into the JavaScript code to be evaluated, prefer sending it as data to the web view using an API such as <code>WKWebView.callAsyncJavaScript</code> with the <code>arguments</code> dictionary to pass remote data objects.</p>
11+
<p>When loading JavaScript into a web view, evaluate only known, locally-defined source code. If part of the input comes from a remote source, do not inject it into the JavaScript code to be evaluated. Instead, send it to the web view as data using an API such as <code>WKWebView.callAsyncJavaScript</code> with the <code>arguments</code> dictionary to pass remote data objects.</p>
1212

1313
</recommendation>
1414
<example>
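
Review bot: On the added line 11, the closing clause "with the arguments dictionary to pass remote data objects" repeats what "send it to the web view as data" already says, and it leaves implicit that the script text handed to WKWebView.callAsyncJavaScript must itself stay constant. A reader could still build the function body by string interpolation and only move some values into the dictionary. Consider ending the sentence with something like "passing the remote values in the arguments dictionary and referring to them by name from a constant script". Minor style point on the same line: "locally-defined" does not need the hyphen after an -ly adverb ("locally defined").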
