avoid-unrestricted-navigation
Warns when WebViews allow users to navigate to any URL by clicking links or through JavaScript.
Permitting unrestricted navigation within an app's WebView can lead to significant security vulnerabilities. For example, an element within the page (e.g., an ad) could redirect the user to a convincing phishing site designed to steal credentials. Since the WebView is part of the trusted application and lacks standard browser interface elements (such as an address bar or certificate indicator), users are more susceptible to such deception.
Furthermore, if a page with a Cross-Site Scripting (XSS) vulnerability is loaded, the ability to navigate freely can expand the attack's scope or be used to further mislead the user. Because the WebView hides the cues a browser would normally show, users lose the context they rely on to identify and avoid malicious websites.
Example
❌ Bad:

```dart
import 'package:flutter_inappwebview/flutter_inappwebview.dart';
import 'package:webview_flutter/webview_flutter.dart';

void fn() {
  WebViewController()
    // LINT: Avoid unrestricted navigation as it expands the attack surface to cross-site scripting (XSS) vulnerabilities.
    // Consider preventing navigation to arbitrary URLs.
    ..setNavigationDelegate(NavigationDelegate());

  // LINT: Avoid unrestricted navigation as it expands the attack surface to cross-site scripting (XSS) vulnerabilities.
  // Consider preventing navigation to arbitrary URLs.
  InAppWebViewSettings();

  // LINT: Avoid unrestricted navigation as it expands the attack surface to cross-site scripting (XSS) vulnerabilities.
  // Consider preventing navigation to arbitrary URLs.
  InAppWebViewSettings(useShouldOverrideUrlLoading: false);

  // LINT: Avoid unrestricted navigation as it expands the attack surface to cross-site scripting (XSS) vulnerabilities.
  // Consider preventing navigation to arbitrary URLs.
  HeadlessInAppWebView(
    initialSettings: InAppWebViewSettings(useShouldOverrideUrlLoading: false),
  );
}
```
✅ Good:

```dart
import 'package:flutter_inappwebview/flutter_inappwebview.dart';
import 'package:webview_flutter/webview_flutter.dart';

void fn() {
  // The delegate is consulted for every navigation request and can return
  // NavigationDecision.prevent for URLs the app does not want to render.
  WebViewController()
    ..setNavigationDelegate(
      NavigationDelegate(
        onNavigationRequest: (NavigationRequest request) {
          ...
        },
      ),
    );

  // With useShouldOverrideUrlLoading enabled, shouldOverrideUrlLoading is
  // invoked for each navigation and can cancel it.
  InAppWebViewSettings(useShouldOverrideUrlLoading: true);
  HeadlessInAppWebView(
    initialSettings: InAppWebViewSettings(useShouldOverrideUrlLoading: true),
  );
}
```
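A complete form of the Good example, added here and not code from the lint's documentation or from the webview_flutter / flutter_inappwebview packages: both WebView types share one allowlist check so that only https URLs on an exact-match host list are rendered, and everything else (unparseable URLs, other schemes, look-alike hosts) is prevented. The hosts `example.com` and `docs.example.com` are constructed placeholders.

```dart
import 'package:flutter_inappwebview/flutter_inappwebview.dart';
import 'package:webview_flutter/webview_flutter.dart';

// Hosts the app is willing to render in its WebView (constructed placeholders).
const Set<String> allowedHosts = {'example.com', 'docs.example.com'};

/// Allow only https URLs whose host is exactly on the allowlist. Unparseable
/// URLs and other schemes are rejected, so the default outcome is "prevent".
bool isAllowedNavigation(String url) {
  final uri = Uri.tryParse(url);
  if (uri == null || uri.scheme != 'https') return false;
  // Exact host match: endsWith('example.com') would also accept 'evilexample.com'.
  return allowedHosts.contains(uri.host.toLowerCase());
}

/// webview_flutter: the delegate decides per request, replacing the bare
/// NavigationDelegate() that the lint flags.
WebViewController buildRestrictedController() {
  return WebViewController()
    ..setNavigationDelegate(
      NavigationDelegate(
        onNavigationRequest: (NavigationRequest request) =>
            isAllowedNavigation(request.url)
                ? NavigationDecision.navigate
                : NavigationDecision.prevent,
      ),
    )
    ..loadRequest(Uri.https('example.com', '/'));
}

/// flutter_inappwebview: useShouldOverrideUrlLoading must be true, otherwise
/// shouldOverrideUrlLoading is never consulted and every navigation proceeds.
InAppWebView buildRestrictedInAppWebView() {
  return InAppWebView(
    initialUrlRequest: URLRequest(url: WebUri('https://example.com/')),
    initialSettings: InAppWebViewSettings(useShouldOverrideUrlLoading: true),
    shouldOverrideUrlLoading: (controller, navigationAction) async {
      final url = navigationAction.request.url?.toString() ?? '';
      return isAllowedNavigation(url)
          ? NavigationActionPolicy.ALLOW
          : NavigationActionPolicy.CANCEL;
    },
  );
}
```

`HeadlessInAppWebView` accepts the same `initialSettings` and `shouldOverrideUrlLoading` parameters, so the same handler applies there; a blocked URL can be handed to the system browser instead of silently dropped if the app prefers.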