Adding a unit test and bug fix

2017-02-28 13:56:05 -08:00
parent 595f398525
commit eb3fe1ed08
2 changed files with 14 additions and 2 deletions
--- a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
+++ b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
@ -223,8 +223,7 @@ public class VfUnescapeElRule extends AbstractVfRule {
                    case "$site":
                    case "$page":
                        isEscaped = true;
-                    default:
-                        isEscaped = false;
+                        break;
                    }

                    if (e.equals(ESCAPING.ANY)) {
--- a/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
+++ b/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
@ -8,6 +8,19 @@ Id in the EL means no XSS
 		<expected-problems>0</expected-problems>
 		<code><![CDATA[
 <apex:page>
+<link rel="stylesheet" type="text/css" href="{!$Resource.SDEFExtJS}/resources/css/ext-all.css" id="ext-all-css"/>
+</apex:page>
+]]></code>
+		<source-type>vf</source-type>
+	</test-code>
+
+	<test-code>
+		<description><![CDATA[
+Id in the EL means no XSS
+     ]]></description>
+		<expected-problems>0</expected-problems>
+		<code><![CDATA[
+<apex:page>
 <a onclick="ShowUnregisterWindow('{!item.id}')">foo</a>
 </apex:page>
 ]]></code>