by pfraze 2401 days ago
When you control the webview, you can establish fairly strong limits on where content and code can come from, same as with CSPs. Injection into the context really shouldn't be possible. You'd need to hit some kind of exploit such as an image-parsing buffer overflow, which any other frontend technology would be vulnerable to. Given that web tech gets a lot of attention to avoid those kinds of exploits, I think web platform UIs might be the safer call.
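
The origin limits the comment describes, sketched as an added example (not code from the commenter or from any project): a host-side allow-list that a webview embedder could consult from its request and navigation hooks, plus the equivalent CSP string built from the same table. The `app://bundle` scheme, the `example.test` origins and all function names are assumptions made for illustration.

```javascript
// Assumed policy: which origins may serve each resource type to the webview.
const POLICY = {
  script: ["app://bundle"],
  style: ["app://bundle"],
  image: ["app://bundle", "https://img.example.test"],
  connect: ["https://api.example.test"],
  navigate: ["app://bundle"],
};

// Resource types that have a matching CSP directive.
const CSP_DIRECTIVE = {
  script: "script-src",
  style: "style-src",
  image: "img-src",
  connect: "connect-src",
};

// Reduce a URL to scheme://host[:port] with the URL parser. Comparing parsed
// origins avoids the prefix-match mistakes (lookalike hosts, userinfo tricks).
function originOf(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  if (u.username || u.password) return null; // refuse embedded credentials
  if (!u.host) return null;                  // data:, blob:, javascript: have no host
  return `${u.protocol}//${u.host}`;
}

// Default deny: unknown resource types and unparseable URLs are rejected.
function isAllowed(resourceType, rawUrl, policy = POLICY) {
  const allowed = policy[resourceType];
  const origin = originOf(rawUrl);
  return Boolean(allowed && origin && allowed.includes(origin));
}

// Emit the same limits as a Content-Security-Policy header value.
function buildCsp(policy = POLICY) {
  const parts = ["default-src 'none'"];
  for (const [type, directive] of Object.entries(CSP_DIRECTIVE)) {
    if (policy[type]) parts.push(`${directive} ${policy[type].join(" ")}`);
  }
  return parts.join("; ");
}
```

The host-side check and the CSP are complementary: the CSP is enforced inside the page, while the allow-list is enforced by the embedder even if the page's own headers are missing or altered.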