BLINK_FEATURES_HTML_CHECK

Luca Carettoni edited this page Jan 16, 2019 · 3 revisions

BLINK_FEATURES_CHECK - Do not use Chromium’s experimental features

The blinkFeatures / enableBlinkFeatures flag can be used to selectively enable Blink (Chromium web browser engine) features, which increases the overall attack surface for production applications.


Risk

Experimental features may introduce bugs and increase the application attack surface.

Auditing

Search for blinkFeatures / enableBlinkFeatures flags set to true within webview tags:

<webview src="https://doyensec.com/" blinkfeatures="PreciseMemoryInfo,CSSVariables"></webview>
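One way to automate the search described above, as an added example (not code from this page or its project): a Python script that uses the standard-library HTML parser to report every webview tag whose blinkfeatures or enableblinkfeatures attribute lists at least one feature. The sample markup, the class name WebviewBlinkAudit and the function name audit_html are constructed for illustration.

```python
from html.parser import HTMLParser

# Attribute names from the page; HTMLParser lowercases tag and attribute names.
FLAGGED_ATTRS = ("blinkfeatures", "enableblinkfeatures")

# Constructed sample input: two flagged tags, two clean ones, one commented out.
SAMPLE_HTML = """<body>
<webview src="https://doyensec.com/" blinkfeatures="PreciseMemoryInfo,CSSVariables"></webview>
<WebView src="https://example.com/"
         enableBlinkFeatures=" CSSVariables "></WebView>
<webview src="https://example.org/"></webview>
<webview src="https://example.net/" blinkfeatures=""></webview>
<!-- <webview src="https://example.net/" blinkfeatures="Commented"></webview> -->
</body>
"""


class WebviewBlinkAudit(HTMLParser):
    """Collect <webview> tags that enable Blink features."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "webview":
            return
        line, _col = self.getpos()  # position where the tag starts
        src = dict(attrs).get("src")
        for name, value in attrs:
            if name not in FLAGGED_ATTRS:
                continue
            # The value is a comma-separated feature list, as in the page's sample.
            features = [f.strip() for f in (value or "").split(",") if f.strip()]
            if features:
                self.findings.append(
                    {"line": line, "attr": name, "src": src, "features": features})


def audit_html(html_text):
    """Return one finding per flagged attribute on a <webview> tag."""
    parser = WebviewBlinkAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in audit_html(SAMPLE_HTML):
        print(f"line {f['line']}: {f['attr']}={','.join(f['features'])} src={f['src']}")
```

Because it parses the markup rather than matching text, the script ignores commented-out tags and matches attribute names regardless of case.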
