We find a new type of security issues caused by hybrid postMessage in mobile hybrid apps, i.e., “Origin Stripping Vulnerability” (OSV). To mitigate OSV from the root, we design and implement three new postMessage APIs, called OSV-Free.
Learn More…
Learn More…