viewcontroller using a NULL baseURL argument with the loadHTMLString baseURL method : data theorem

Question

I am facing the problem "MyViewcontroller using a NULL baseURL argument with the loadHTMLString baseURL method : data theorem"- i have successfully completed my task and all are working fine.

The Issue was in the OSWAP security scan for vulnerability it shows the above error.

My code snippet:-

  NSString *aHtmlString = kEmptyString;

    // Getting the bool from configuration plist
    NSString *thePlistPath = [[NSBundle mainBundle] pathForResource:@"config" ofType:@"plist"];
    NSDictionary *theURLdata = [[NSDictionary alloc] initWithContentsOfFile:thePlistPath];
    is

ServerFAQAvailable = [[theURLdata valueForKey:kIsServerFAQAvailableKey] boolValue];

if (one || two || three) {
   aHtmlString = [self loadFAQFor];
} else {
  aHtmlString = [self loadFAQForwithout];
}
NSURL *baseURL = [NSURL fileURLWithPath:thePlistPath];

[self.faqWebView loadHTMLString:aHtmlString baseURL:baseURL]; 

Update:

if (one || two || three) {
       aHtmlString = [self loadFAQFor];
    } else {
      aHtmlString = [self loadFAQForwithout];
    }
    NSURL *baseURL = [NSURL fileURLWithPath:@"about:blank"];

    [self.faqWebView loadHTMLString:aHtmlString baseURL:baseURL];

Still shows me scan issue

Answer 1

The issue is the baseURL: parameter. BaseURL isn't needed for an html string, it is usually used for relative links. If all you're trying to do is show some html, are you sure you need it?

The security issue flagged makes sense (my understanding, roughly): If a webview's baseURL is set to the local file system, then a page loaded (eventually) through that webview could access local resources.

Try passing nil for baseURL: should silence this warning.