0x6h - Author new content on Test Case "Testing Whether JavaScript can access native methods" [iOS]

[sushi2k]

@commjoen Are you working on this now?

[commjoen]

No

Sent from a mobile device with autocomplete.

Op 16 jun. 2017 07:10 schreef "Sven" notifications@github.com:

@commjoen https://github.com/commjoen Are you working on this now?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/OWASP/owasp-mstg/issues/380#issuecomment-308941949, or mute the thread https://github.com/notifications/unsubscribe-auth/ABY8PtIqAbA7PSGRfDfTfHC0fbudUQ68ks5sEhw8gaJpZM4Mqq9l .

[sushi2k]

@xep624 Can you already share a draft or when do you think it will be ready? Thanks

[sushi2k]

This test case doesn't make much sense for iOS. Closed it. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06h-Testing-Platform-Interaction.md#testing-whether-java-objects-are-exposed-through-webviews

[bugwrangler]

Looks like its "Javascript" not the Java.

[sushi2k]

I closed it as there are no Java objects in iOS. But you are right it's about JavaScript accessing functions in iOS, which is of course possible (https://developer.apple.com/library/content/documentation/AppleApplications/Conceptual/SafariJSProgTopics/ObjCFromJavaScript.html). Thanks for your comment.

The actual problem is, that the MASVS requirement is not generic enough. Will make a PR for it.

[xep624]

I'll do this section next week (I'll start on 3rd July)

[sushi2k]

Great. Thanks Pawel

[xep624]

I see that this point is removed from TO DOs from the file 0x06h-Testing-Platform-Interaction.md. Should I just add it?

[sushi2k]

You can add it to "Exposing Native Objects to WebViews" https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06h-Testing-Platform-Interaction.md#exposing-native-objects-to-webviews