9

I am facing the problem "MyViewcontroller using a NULL baseURL argument with the loadHTMLString baseURL method : data theorem"- i have successfully completed my task and all are working fine.

The Issue was in the OSWAP security scan for vulnerability it shows the above error.

My code snippet:-

  NSString *aHtmlString = kEmptyString;

    // Getting the bool from configuration plist
    NSString *thePlistPath = [[NSBundle mainBundle] pathForResource:@"config" ofType:@"plist"];
    NSDictionary *theURLdata = [[NSDictionary alloc] initWithContentsOfFile:thePlistPath];
    is

ServerFAQAvailable = [[theURLdata valueForKey:kIsServerFAQAvailableKey] boolValue];

if (one || two || three) {
   aHtmlString = [self loadFAQFor];
} else {
  aHtmlString = [self loadFAQForwithout];
}
NSURL *baseURL = [NSURL fileURLWithPath:thePlistPath];

[self.faqWebView loadHTMLString:aHtmlString baseURL:baseURL];

Update:

if (one || two || three) {
       aHtmlString = [self loadFAQFor];
    } else {
      aHtmlString = [self loadFAQForwithout];
    }
    NSURL *baseURL = [NSURL fileURLWithPath:@"about:blank"];

    [self.faqWebView loadHTMLString:aHtmlString baseURL:baseURL];

Still shows me scan issue

Improve this question
6
  • I would start by logging the values of thePlistPath (and possibly theURLdata), and verifying that you actually have a file at the location pointed to by thePlistPath. If you don't, then [NSURL fileURLWithPath:thePlistPath]; will likely return nil and theURLdata will also likely be nil. Commented Jul 22, 2016 at 16:14
  • what is ee, yy and ii ? please use clear variable names, also what's the values of kConfigurationPlistName and kPlistFormType ? does that set the value of thePlistPath properly or is it Nil ? Commented Jul 25, 2016 at 10:50
  • @MostafaTorbjørnBerg hi that is the condition based variables in the loadFAQForewithout inside i am constructing the html .js and .css file Commented Jul 25, 2016 at 11:03
  • Two days only there i am available on next 48 hours . anybody need more information means feel free to ask . any hint will be help full . Commented Jul 26, 2016 at 7:05
  • have you tried just passing [NSURL new] in baseURL param. Commented Jul 27, 2016 at 18:35

2 Answers 2

Reset to default
5
+25

The issue is the baseURL: parameter. BaseURL isn't needed for an html string, it is usually used for relative links. If all you're trying to do is show some html, are you sure you need it?

The security issue flagged makes sense (my understanding, roughly): If a webview's baseURL is set to the local file system, then a page loaded (eventually) through that webview could access local resources.

Try passing nil for baseURL: should silence this warning.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

Related url in that means What ? Could you please provided details
Relative path in the sense ?..., this is also relative path right [NSURL fileURLWithPath:@"about:blank"]
you have any suggestion on about giving relative path
@Spynet ("about:blank" --I'm not sure how UIWebView handles that.) Regardless, a relative link is relative to the base URL. On the normal internet, if a webpage starts at "website.com/about" the BaseURL would be website.com and a relative link would be "/services"--don't need full address. But a URL can be for files and a base URL to the local directory. In this case, the webview gets special permission to read local files. If that html links to an external page, the UIWebView will still have that permission, and (apparently) that page could read local files-- this is the security issue.
If do you want relative local-directory links, to get around the security issue you could implement the webview delegate and intercept clicked links, recreating the full relative path. If all you want to do is show local html, you don't need a base URL and set it to nil.
|
1

baseURL should be [[NSBunld mainBunld] bunldPath], you can try like this..

NSString *path = [[NSBundle mainBundle]bundlePath];
NSString *htmlPath = [[NSBundle mainBundle] pathForResource:self.htmlName ofType:@"html"];
NSString *htmlContent = [NSString stringWithContentsOfFile:htmlPath encoding:NSUTF8StringEncoding error:nil];
[self.webView loadHTMLString:htmlContent baseURL:[NSURL fileURLWithPath:path]];
Improve this answer

1 Comment

Lastly i found the right answer is [NSURL URLWithString:@"about:blank"], Thanks a for the help man

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.