Best practices for developing secure WebView2 applications
The WebView2 control allows developers to host web content in native applications. When used correctly, hosting web content offers several advantages, such as using web-based UI, accessing features of the web platform, sharing code cross-platform, and so on. To avoid vulnerabilities that can arise from hosting web content, design your WebView2 application to closely monitor every interaction between the web content and the host application.
- Treat all web content as insecure.
- Validate web messages and host object parameters before consuming each, because web messages and parameters can be malformed (unintentionally or maliciously) and cause the app to behave unexpectedly.
- Always check the origin of the document running inside WebView2 and assess the trustworthiness of the content.
- Design specific web messages and host object interactions instead of using generic proxies.
- Set the following options to restrict web content functionality by modifying ICoreWebView2Settings (Win32) or CoreWebView2Settings (.NET).
  - Set to false if you do not expect the web content to access host objects.
  - Set to false if you do not expect the web content to post web messages to your native application.
  - Set to false if you do not expect the web content to run scripts (for example, when showing static HTML content).
  - Set to false if you do not expect the web content to show
- In the following steps, use the FrameNavigationStarting events to update settings based on the origin of the new page.
- When navigating to a new document, use the ContentLoading event to remove exposed host objects using
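The practices above (origin-based settings on navigation, removing a host object on ContentLoading, and validating web messages before consuming them) as one added C# (.NET) example; this is not code from the page or from the WebView2 project. The SaveBridge class, the "saveBridge" name, the app.example.com origin and the "saveNote" message shape are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text.Json;
using Microsoft.Web.WebView2.Core;
// Hypothetical host object exposing one narrow operation rather than a generic proxy.
[ComVisible(true), ClassInterface(ClassInterfaceType.AutoDual)]
public class SaveBridge
{
    public string SaveNote(string title) => title.Length <= 80 ? "ok" : "rejected";
}
public static class WebView2Hardening
{
    // Assumed trusted app origin; any other origin is treated as untrusted content.
    private const string TrustedOrigin = "https://app.example.com";
    private static bool _exposed;
    private static bool IsTrusted(string uri) =>
        Uri.TryCreate(uri, UriKind.Absolute, out var u) &&
        string.Equals(u.GetLeftPart(UriPartial.Authority), TrustedOrigin, StringComparison.OrdinalIgnoreCase);
    public static void Apply(CoreWebView2 wv)
    {
        // Re-evaluate the settings on every top-level navigation from the destination origin.
        wv.NavigationStarting += (_, e) =>
        {
            bool trusted = IsTrusted(e.Uri);
            wv.Settings.AreHostObjectsAllowed = trusted;
            wv.Settings.IsWebMessageEnabled = trusted;
            wv.Settings.IsScriptEnabled = trusted;
            wv.Settings.AreDefaultScriptDialogsEnabled = false; // no alert()/prompt() dialogs at all
        };
        // Expose the host object only while a trusted document loads; remove it otherwise.
        wv.ContentLoading += (_, e) =>
        {
            bool trusted = IsTrusted(wv.Source);
            if (trusted && !_exposed) { wv.AddHostObjectToScript("saveBridge", new SaveBridge()); _exposed = true; }
            if (!trusted && _exposed) { wv.RemoveHostObjectFromScript("saveBridge"); _exposed = false; }
        };
        // Check the sender origin, then the exact message shape, before acting on a web message.
        wv.WebMessageReceived += (_, e) =>
        {
            if (!IsTrusted(e.Source)) return;
            using var doc = JsonDocument.Parse(e.WebMessageAsJson);
            if (doc.RootElement.ValueKind != JsonValueKind.Object
                || !doc.RootElement.TryGetProperty("type", out var t) || t.ValueKind != JsonValueKind.String || t.GetString() != "saveNote"
                || !doc.RootElement.TryGetProperty("title", out var title) || title.ValueKind != JsonValueKind.String)
                return; // malformed or unexpected message: ignore it
            new SaveBridge().SaveNote(title.GetString()); // only now act on validated input
        };
    }
}
```

Call Apply once after CoreWebView2 initialization and before the first navigation, so the first document already starts with the restricted settings.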