Static Resource rules

The following table shows the list of Salesforce Static resource rules that are checked by Quality Clouds.

| Best Practice | Issue Severity | Impact Area |
| --- | --- | --- |
| Use of Open Source Javascript framework | Warning | Manageability |
| XSS vulnerability in Ext JS Action Column getTip | Warning | Security |
| AngularJS - Prototype Pollution Vulnerability under 1.7.9 | High | Security |
| AngularJS - XSS vulnerability using AngularJS under 1.6.9 with Firefox | High | Security |
| AngularJS - XSS vulnerability through the attribute "usemap" from 1.3.0 to 1.5.0-rc2 | High | Security |
| AngularJS - XSS vulnerability through the attribute "usemap" from 1.0.0 to 1.2.30 | High | Security |
| AngularJS - XSS vulnerability using AngularJS under 1.6.5 in Firefox and Safari - sanitize on inert Documents | High | Security |
| AngularJS - XSS vulnerability under 1.8.0 - input HTML | High | Security |
| AngularJS - Denial of Service attack through DOM clobbering on versions under 1.6.3 | High | Security |
| jQuery - XSS vulnerability under 3.5.0, when using htmlPrefilter | High | Security |
| XSS vulnerability in Ext JS Action Column getTip | High | Security |
| jQuery - Prototype Pollution Vulnerability under 3.4.0 | High | Security |
| jQuery - XSS vulnerability under 1.6.3, when using location.hash | High | Security |
| jQuery - XSS vulnerability under 1.9.0, when using jQuery(strInput) | High | Security |
| jQuery - XSS vulnerability under 3.0.0, when making cross-domain calls without the dataType option | High | Security |
| jQuery-ui-tooltip - XSS vulnerability under 1.10.0, title attribute | High | Security |
| jQuery-ui-dialog - XSS vulnerability under 1.10.0, title attribute | High | Security |
| jQuery-ui-dialog - XSS vulnerability under 1.10.0, closeText parameter | High | Security |
| moment.js - Regular Expression Denial of Service Vulnerability | High | Security |


Last modified on Oct 13, 2020