Open utsavDave97 opened 1 month ago
OriMedallia
commented
1 month ago Hi,
Please contact your Digital Expert with all the information including a video of the all the information you can share about this. Once the Digital Expert raises a ticket, we'll be able to prioritize it for the team.
Thanks, Ori
utsavDave97
commented
1 month ago @OriMedallia Thank you for your comment. Would you happen to know whats the tech risk for this finding?
OriMedallia
commented
1 month ago We'll have to investigate once a ticket is raised, but I can tell you that we have this code from day 1 (over 6 years, hundreds of customers are using it and we never had any issues.
In the investigation we'll check the option to start using WKContentWorld for iOS 14 and above
utsavDave97
commented
1 month ago @OriMedallia True that. Thank you again. Let me see about ticket. Appreciate it.
utsavDave97
commented
1 month ago @OriMedallia Also, would you happen to know how to raise a ticket?
OriMedallia
commented
1 month ago @utsavDave97 Please contact your Medallia Digital Expert. He's your company's contact person. Let me know the name of the company and the app you're working on and I'll try to help on my side as well.
We are using medallia-digital-ios-sdk (4.5.1)
Recommendation:
When injecting JavaScript into a web page, utilize the iOS 14 APIs that allow sandboxed JavaScript execution. To do so, pass a WKContentWorld instance for the App JavaScript to execute within, which ensures code isolation from third-party JavaScript.
I was wondering if this is something which could be fixed. Thank you.