Twitter: raymondcamden


Address: Lafayette, LA, USA

White paper on Hybrid Mobile Apps

06-02-2014 3,062 views Mobile, HTML5 Comments

I'm just passing this along, but I think folks who are doing work in the mobile space and making use of tools like Cordova may find this useful: Code Injection Attacks on HTML5-based Mobile Apps. It is a bit long winded and repetitive, and also a bit out of date (it talks about PhoneGap and how it ships a set of core plugins, which hasn't been true since 3.0). It also makes some pretty odd statements like, apparently, the same HTML, CSS, and JS works the same across different platforms. Yeah, I'd love to live in that world. But despite that, it does make a good point about XSS and hybrid applications. Read it - digest it - and think about it.

Also be sure to read the recently released Security Guide for Cordova.

0 Comments

Post Reply

Please refrain from posting large blocks of code as a comment. Use Pastebin or Gists instead. Text wrapped in asterisks (*) will be bold and text wrapped in underscores (_) will be italicized.

Leave this field empty