VasSonic is a lightweight and high-performance Hybrid framework developed by tencent VAS team, which is intended to speed up the first screen of websites working on Android and iOS platform.
Other
11.8k
stars
1.61k
forks
source link
Cross-Site Scripting: Inter-Component Communication #349
https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java#L71-L72 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java#L111-L113 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java#L188 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/SonicSessionClient.java#L35-L37 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/StandardSonicSession.java#L124 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/SonicSessionClientImpl.java#L40-L41
Sending unvalidated data to a web browser can result in the browser executing malicious code.