Calls to addError with disabled escaping should be avoided

Impact area

Security

Severity

High

Affected element

Apex Class

Rule ID

SF-0021

Impact

The message passed to addError is rendered directly to the user in the UI, so if escaping is disabled it becomes prime ground for XSS attacks.


Remediation

Ensure that every call to the addError function keeps HTML escaping enabled (do not pass false as the escape argument), so that the message is escaped before it reaches the UI.
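As an added illustration (not part of this rule page), the trigger below shows the pattern SF-0021 flags next to two remediated forms. The trigger name, object and field are assumptions chosen for the example; the behaviour relied on is the documented one: addError(msg) escapes HTML markup in the message, while addError(msg, false) turns that escaping off.

```apex
// Added example, not from the rule page. Object and field names are illustrative.
// Validates that a website URL uses HTTPS and reports a user-visible error otherwise.
trigger AccountWebsiteValidation on Account (before insert, before update) {
    for (Account acc : Trigger.new) {
        if (String.isBlank(acc.Website) || acc.Website.startsWithIgnoreCase('https://')) {
            continue;
        }

        // FLAGGED BY SF-0021: escape = false, so any markup contained in
        // acc.Website (user-controlled input) is rendered raw in the UI.
        // acc.addError('Invalid website: ' + acc.Website, false);

        // REMEDIATED (preferred): the one-argument form escapes HTML by default,
        // so the echoed field value cannot inject markup into the page.
        acc.addError('Invalid website: ' + acc.Website);

        // REMEDIATED (when trusted markup is genuinely needed): keep the
        // formatting but escape the untrusted portion explicitly before
        // disabling escaping for the whole message.
        // acc.addError('<b>Invalid website:</b> ' + acc.Website.escapeHtml4(), false);
    }
}
```

The first remediated form is the one to reach for in practice: it removes the escape flag entirely, so the scanner has nothing to flag and no reviewer has to reason about which part of the string is trusted. The second form is only worth the extra review burden when the error text itself must carry markup; even then, every concatenated value that originates from a record field or user input has to pass through escapeHtml4() before the call.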

Time to fix

60 min
Last modified on Jun 10, 2020