We are using WKWebView to render local files that we load using WKWebView loadFileURL's method. We use the webview to render "rich text" files like docx, xlsx. Until then we disabled js. However we discovered that disabling js also disabled the ability to switch pages in an xlsx document.
Enabling js should be safe as js should be escaped in a correctly formatted xlsx file but we were wondering if it would be a security risk if someone managed to craft an xlsx which would potentially execute malicious js ?