File Based Cross Zone Scripting #121
Description
After obtaining the parameters from the Intent, it is directly passed to webView.loadUrl() without checking. The File Based Cross Zone Scripting vulnerability will occur when the following two conditions are met:
(1) Load a file, which may allow scripts to be run in your application.
(2) The loaded script uses the same source as the running application.