Merge pull request #201 from ndmedeiros/feature/vuln

[CHANGED] solve a vulnerability bug

CHANGELOG.md

@@ -1,3 +1,7 @@
+## [Unrelease] 
+### Changed
+- Se verifica una URL sacando la vulnerabilidade de injeción de HTML
+
 ## [1.56.2] - 2023-07-10
 ### Fixed
 - Se revierten cambios de LoyaltyCongrats para agilizar otros desarrollos

Source/Components/Touchpoints/LiveImages/MLBusinessLiveImagesWebView.swift

@@ -50,6 +50,10 @@ class MLBusinessLiveImagesWebView: UIView {
     }
 
     func loadImage(from url: String) {
+        guard let urlString = URL(string: url) else {
+            return
+        }
+
         let html = """
         <html>
         <style>
@@ -91,7 +95,7 @@ class MLBusinessLiveImagesWebView: UIView {
         </html>
         """
 
-        let imageDataString = "data:image/webp;base64, \(url)"
+        let imageDataString = "data:image/webp;base64, \(urlString)"
 
         let s = html.replacingOccurrences(of: "[URL]", with: imageDataString)
         webview.loadHTMLString(s, baseURL: nil)
@@ -109,4 +113,3 @@ extension MLBusinessLiveImagesWebView: WKNavigationDelegate {
         imageAnimationManager?.changeState(to: .readyToPlay)
     }
 }
-