Hi,
we have two test cases that both go somehow in the same direction:
V6.6: "WebViews are configured to allow only the minimum set of protocol handlers required (ideally, only https is supported). Potentially dangerous handlers, such as file, tel and app-id, are disabled."
V6.7: "The app does not load user-supplied local resources into WebViews."
This just popped up yesterday during a PR https://github.com/OWASP/owasp-mstg/pull/608#discussion_r125383110.
I would say we merge both of them into one, as the test cases would be redundant otherwise and it wouldn't provide much benefit to split them.
Any objection or anything I am missing?