To improve app security when opening URLs, validate each URL before the container calls it. If a URL is not on the whitelist, block the call.
Validate the URL before calling the following interfaces:
// Check if the URL is on the whitelist.
NSString *urlWhiteList = @"xxxx";
NSURL *url = [NSURL URLWithString:@"https://example.com/products/xxx"];
if (![url.host isEqualToString:urlWhiteList]) {
return;
}
// Open an online URL.
[[MPNebulaAdapterInterface shareInstance] startH5ViewControllerWithParams:@{@"url": @"https://example.com/products/xxx"}];
// Create a view controller (vc) based on the URL.
MPH5WebViewController *vc = (MPH5WebViewController *)[[MPNebulaAdapterInterface shareInstance] createH5ViewController:@{@"url":@"https://example.com/products/xxx"}];Important
Perform a strict match on URLs that includes at least the scheme and host of the URI. Use regular expression matching with caution, or avoid it. Do not use imprecise functions such as contains, startsWith, endsWith, or indexOf.