# Source: codegooglecom/p/google-security-research/issues/detail?id=494
'''
The default Samsung email client's email viewer and composer (implemented in SecEmailUIapk) doesn't sanitize HTML email content for scripts before rendering the data inside a WebView This allows an attacker to execute arbitrary JavaScript when a user views a HT ...