Shopify: URL Scheme Validation Bypass in Shopify Mobile App Allows Javascript Execution

A vulnerability in the Shopify mobile application allowed bypassing URL scheme validation in the NavigationActivity component. Attackers could craft malicious URLs using data: or javascript: schemes to execute JavaScript code within the app's webview context...