Validate scanned URLs to prevent corrupt app settings
ewanas opened this issue · comments
El-Hassan Wanas commented
If a user scans a QR code that represents an invalid URL, onboarding succeeds, but the app is stuck in a crash loop on startup[1].
Fix
- Validate scanned URL during onboarding to prevent invalid URLs from being stored
Test
- Scan a QR code with an invalid URL
Expectation
- An error message is shown and the user can scan again
Actual result
- Onboarding succeeds, app fails to startup until app data is cleared
[1]: IncludeSec's 2021 Q2 security audit report pp. 9-12 Low-Risk Findings L3