Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

viewcontroller using a NULL baseURL argument with the loadHTMLString baseURL method : data theorem

I am facing the problem "MyViewcontroller using a NULL baseURL argument with the loadHTMLString baseURL method : data theorem"- i have successfully completed my task and all are working fine.

The Issue was in the OSWAP security scan for vulnerability it shows the above error.

My code snippet:-

  NSString *aHtmlString = kEmptyString;

    // Getting the bool from configuration plist
    NSString *thePlistPath = [[NSBundle mainBundle] pathForResource:@"config" ofType:@"plist"];
    NSDictionary *theURLdata = [[NSDictionary alloc] initWithContentsOfFile:thePlistPath];
    is

ServerFAQAvailable = [[theURLdata valueForKey:kIsServerFAQAvailableKey] boolValue];

if (one || two || three) {
   aHtmlString = [self loadFAQFor];
} else {
  aHtmlString = [self loadFAQForwithout];
}
NSURL *baseURL = [NSURL fileURLWithPath:thePlistPath];

[self.faqWebView loadHTMLString:aHtmlString baseURL:baseURL]; 

Update:

if (one || two || three) {
       aHtmlString = [self loadFAQFor];
    } else {
      aHtmlString = [self loadFAQForwithout];
    }
    NSURL *baseURL = [NSURL fileURLWithPath:@"about:blank"];

    [self.faqWebView loadHTMLString:aHtmlString baseURL:baseURL];

Still shows me scan issue

like image 230
Arun Avatar asked Jun 29 '16 14:06

Arun


1 Answers

The issue is the baseURL: parameter. BaseURL isn't needed for an html string, it is usually used for relative links. If all you're trying to do is show some html, are you sure you need it?

The security issue flagged makes sense (my understanding, roughly): If a webview's baseURL is set to the local file system, then a page loaded (eventually) through that webview could access local resources.

Try passing nil for baseURL: should silence this warning.

like image 141
Mike Sand Avatar answered Sep 21 '22 16:09

Mike Sand