Calls to addError with disabled escaping should be avoided
Impact area
Security
Severity
High
Affected element
Apex Class
Rule ID
SF-0021
Impact
The message passed to addError will be displayed directly to the user in the UI, making it prime ground for XSS attacks if unescaped.
Remediation
Ensure that the message passed to every call to addError is escaped.
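The following is an added example, not part of the original rule text, showing a call this rule flags beside two corrected forms. The class name, method names and the 80-character check are hypothetical; the code relies on the standard Apex `addError(errorMsg, escape)` overload and `String.escapeHtml4()`.

```apex
// Added example: AccountNameValidator and its methods are hypothetical names.
public with sharing class AccountNameValidator {

    private static final Integer MAX_LEN = 80; // constructed limit for the example

    // Non-compliant: escape = false disables HTML escaping, so any markup
    // contained in the user-supplied acc.Name is rendered by the page.
    public static void validateUnescaped(List<Account> accounts) {
        for (Account acc : accounts) {
            if (acc.Name != null && acc.Name.length() > MAX_LEN) {
                acc.addError('Name is too long: ' + acc.Name, false);
            }
        }
    }

    // Compliant: the single-argument overload keeps escaping enabled,
    // so the whole message is HTML-escaped before display.
    public static void validateEscaped(List<Account> accounts) {
        for (Account acc : accounts) {
            if (acc.Name != null && acc.Name.length() > MAX_LEN) {
                acc.addError('Name is too long: ' + acc.Name);
            }
        }
    }

    // Compliant when the message must carry its own markup: escaping stays
    // disabled for the fixed, developer-written HTML only, and every
    // untrusted value is escaped with escapeHtml4() before concatenation.
    public static void validateWithMarkup(List<Account> accounts) {
        for (Account acc : accounts) {
            if (acc.Name != null && acc.Name.length() > MAX_LEN) {
                String safeName = acc.Name.escapeHtml4();
                acc.addError('<b>Name is too long:</b> ' + safeName, false);
            }
        }
    }
}
```

When reviewing existing code, search for `addError(` calls whose last argument is `false` and check where each part of the message string originates.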
Time to fix
60 min