-
Notifications
You must be signed in to change notification settings - Fork 65
INSECURE_CONTENT_HTML_CHECK
When using HTTP as the transport, security is provided by Transport Layer Security (TLS). TLS, and its predecessor SSL, are widely used on the Internet to authenticate a service to a client, and then to provide confidentiality to the channel.
Mixed content occurs when the initial HTML page is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.
HTTP, Mixed Content and opting out of TLS validation should not be used, as it
makes it possible to eavesdrop on and tamper with the traffic between the user and the application.
If nodeIntegration
is also enabled, an attacker can inject malicious JavaScript and compromise the user’s host.
Search for allowRunningInsecureContent set to true/1 within the webPreferences
attribute in the webview
tag:
<webview src= "https://doyensec.com" webPreferences="allowRunningInsecureContent=true"></webview>