
Cross-Site Scripting: Reflected iOS App
We have an iOS app which we put through HP Fortify Mobile Assessment. One of the issues they have pointed out is related to Cross-Site Scripting. Basically what we are doing in our code is that we are sending a value from the iOS app to a WebView. Below is the summary of the issue which they have provided.
Summary
The method webViewDidFinishLoad:() in ForgotViewController.m sends unvalidated data to a web browser on line 176, which can result in the browser executing malicious code. The method sends unvalidated data to a web browser which can result in the browser executing malicious code.
Explanation
Cross-site scripting (XSS) vulnerabilities occur when:
1. Data enters a web page through an untrusted source. In the case of Reflected XSS, the untrusted source is typically through user components, URL scheme handlers, or notifications, while in the case of Persistent (also known as Stored) XSS it is typically a database or other back-end datastore.
In this case the data enters at text() in ForgotViewController.m at line 138.
2. The data is included in dynamic content that is sent to a UIWebView component without being validated.
In this case the data is sent at stringByEvaluatingJavaScriptFromString:() in ForgotViewController.m at line 176.
Please see below the code snippet where the issue is pointed out; line 138 is:
NSString * emailValue = _txtEmail.text;
- (void)webViewDidFinishLoad:(UIWebView *)webView
{
    NSString *emailValue = _txtEmail.text;   // line 138: the tainted source
    if (![Utility NSStringIsValidEmail:emailValue])
    {
        NSString *title   = [appDelegate.dictCulture valueForKey:@"Alert"];
        NSString *message = [appDelegate.dictCulture valueForKey:@"PleaseEnterAValidEmailAddress"];
        NSString *okText  = [appDelegate.dictCulture valueForKey:@"Ok"];
        if (title.length == 0)
        {
            title = @"Alert";
        }
        if (message.length == 0)
        {
            message = @"Please enter a valid email address";
        }
        if (okText.length == 0)
        {
            okText = @"Ok";
        }
        UIAlertController *Empty_Error = [UIAlertController alertControllerWithTitle:title
                                                                             message:message
                                                                      preferredStyle:UIAlertControllerStyleAlert];
        UIAlertAction *ok = [UIAlertAction actionWithTitle:okText style:UIAlertActionStyleDefault handler:nil];
        [Empty_Error addAction:ok];
        [self presentViewController:Empty_Error animated:YES completion:nil];
    }
    else
    {
        // line 176: emailValue is interpolated straight into JavaScript source.
        // Fortify flags this because a quote character in the value ends the
        // single-quoted literal, so the value must be encoded as a JS string
        // literal before it is evaluated, not just format-substituted.
        NSString *javaScript = [NSString stringWithFormat:@"var textField = document.getElementById('testID').value = '%@';", emailValue];
        [self.webView stringByEvaluatingJavaScriptFromString:javaScript];
        NSString *jsStat = @"document.forms[0].submit()";
        [webView stringByEvaluatingJavaScriptFromString:jsStat];
        // `html` is an instance variable declared elsewhere in the controller.
        html = [self.webView stringByEvaluatingJavaScriptFromString:@"document.getElementsByTagName('html')[0].innerHTML"];
        NSString *doc = [self.webView stringByEvaluatingJavaScriptFromString:@"document.documentElement.outerHTML"];
        [self dismissViewControllerAnimated:YES completion:nil];
        if ([doc containsString:@"Thank you"])
        {
            [[NSURLCache sharedURLCache] removeAllCachedResponses];
            // Detach the delegate before dropping the view; in the reverse order
            // the delegate assignment is sent to nil and does nothing.
            self.webView.delegate = nil;
            self.webView = nil;
            NSString *title   = [appDelegate.dictCulture valueForKey:@"Alert"];
            NSString *message = [appDelegate.dictCulture valueForKey:@"ForgotPasswordText"];
            NSString *okText  = [appDelegate.dictCulture valueForKey:@"Ok"];
            if (title.length == 0)
            {
                title = @"Alert";
            }
            if (message.length == 0)
            {
                message = @"Thank you. You will receive further instructions by email how to renew your password.";
            }
            if (okText.length == 0)
            {
                okText = @"Ok";
            }
            UIAlertController *alert = [UIAlertController alertControllerWithTitle:title
                                                                           message:message
                                                                    preferredStyle:UIAlertControllerStyleAlert];
            UIAlertAction *ok = [UIAlertAction actionWithTitle:okText
                                                         style:UIAlertActionStyleDefault
                                                       handler:^(UIAlertAction * _Nonnull action) {
                [self stopLoading];
            }];
            [alert addAction:ok];
            [self presentViewController:alert animated:YES completion:nil];
        }
    }
}
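As an added example, not code from the original post or from Fortify, here is a Foundation-only way to hand the email value to the page's JavaScript without the format-string interpolation the scanner flagged. The value is encoded as a JSON string literal with NSJSONSerialization; a JSON string is also a valid JavaScript string literal, so quotes, backslashes and control characters in the text field contents can never terminate the literal or alter the script. The function names JSStringLiteral and JSSetFieldValue and the sample inputs in main are my own assumptions; the element id testID and the `.value` assignment come from the post.

```objc
#import <Foundation/Foundation.h>

// Encode `value` as a JavaScript string literal, surrounding double quotes included.
// A JSON string is a valid JS string literal, so NSJSONSerialization does the escaping
// of quotes, backslashes and control characters. The value is wrapped in a one-element
// array because older iOS releases reject a bare string as a top-level JSON object.
static NSString *JSStringLiteral(NSString *value)
{
    NSError *error = nil;
    NSData *data = [NSJSONSerialization dataWithJSONObject:@[value ?: @""]
                                                   options:0
                                                     error:&error];
    if (data == nil) {
        return @"\"\"";   // fail closed: an empty literal, never the raw input
    }
    NSString *json = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    // Drop the "[" and "]" added by the array wrapper.
    NSString *literal = [json substringWithRange:NSMakeRange(1, json.length - 2)];
    // U+2028 / U+2029 are legal inside JSON strings but, in engines older than ES2019,
    // terminate a JS string literal; escape them explicitly for older WebKit builds.
    literal = [literal stringByReplacingOccurrencesOfString:@"\u2028" withString:@"\\u2028"];
    literal = [literal stringByReplacingOccurrencesOfString:@"\u2029" withString:@"\\u2029"];
    return literal;
}

// Build the statement the controller needs (hypothetical helper). Both the element id
// and the value go through JSStringLiteral, so neither can change the script's structure.
static NSString *JSSetFieldValue(NSString *elementID, NSString *value)
{
    return [NSString stringWithFormat:@"document.getElementById(%@).value = %@;",
            JSStringLiteral(elementID), JSStringLiteral(value)];
}

int main(int argc, const char *argv[])
{
    @autoreleasepool {
        // Constructed sample inputs: a plain address, one with an apostrophe
        // (which would have ended the single-quoted literal in the original line),
        // and one with double quotes, a backslash and a newline.
        NSArray<NSString *> *samples = @[
            @"user@example.com",
            @"o'brien@example.com",
            @"a\"b\\c\nd",
        ];
        for (NSString *sample in samples) {
            NSLog(@"%@", JSSetFieldValue(@"testID", sample));
        }
        // In the controller this replaces the stringWithFormat:@"...'%@'..." line:
        //   NSString *javaScript = JSSetFieldValue(@"testID", emailValue);
        //   [self.webView stringByEvaluatingJavaScriptFromString:javaScript];
    }
    return 0;
}
```

The NSStringIsValidEmail check is still worth keeping as input validation, but it is not what the analyzer is looking for at line 176: the taint path from the text field to stringByEvaluatingJavaScriptFromString: has no encoding step in it. Routing the value through JSStringLiteral puts one there, and the same encoding applies unchanged if the controller moves to WKWebView and its asynchronous evaluateJavaScript:completionHandler:.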