%0 Journal Article
%T Cross-site Scripting Attacks on Android WebView
%A Bhavani A B
%J International Journal of Computer Science and Network
%D 2013
%I IJCSN publisher
%X WebView is an essential component in Android and iOS. It enables applications to display content from on-line resources. It simplifies task of performing a network request, parsing the data and rendering it. WebView uses a number of APIs which can interact with the web contents inside WebView. In the current paper, Cross-site scripting attacks or XSS attacks specific to Android WebView are discussed. Cross-site scripting (XSS) is a type of vulnerability commonly found in web applications. This vulnerability makes it possible for attackers to run malicious code into victim¡¯s WebView, through HttpClient APIs. Using this malicious code, the attackers can steal the victim¡¯s credentials, such as cookies. The access control policies (i.e., the same origin policy) employed by the browser to protect those credentials can be bypassed by exploiting the XSS vulnerability.
%K Cross-site scripting Attacks
%K Web View
%K Http Client
%U http://ijcsn.org/IJCSN-2013/2-2/IJCSN-2013-2-2-03.pdf