Open prashant-ERA opened 3 days ago
Can you give me some more information? For example why are you using a webview for Flutter Stripe? What is the element that you are talking about?
We do not create elements ourselves and host only Stripe Native elements that are tested and verified against the highest security requirements
Describe the bug A clear and concise description of what the bug is. I am using flutter_stripe in my project. During code review it was found that WebView Permits JavaScript execution in its WebView implementation. Whilst this setting can be essential for certain interactive web content, it can also introduce various security weaknesses if the WebView is used to load untrusted or dynamically generated content. Vulnerabilities like Cross-Site Scripting (XSS) have become a significant concern in such scenarios and could expose the application and its users to various security threats. These threats include stealing user data, accessing local resources, or manipulating application behaviour.
To Reproduce Steps to reproduce the behavior:
Expected behavior A clear and concise description of what you expected to happen.
Smartphone / tablet
Additional context Add any other context about the problem here.