hiifong/pmd
1
0
Fork 0
forked from phoedos/pmd
Code Pull Requests Activity

Whitelisting Labels

Browse Source
This commit is contained in:
Sergey
2017-02-28 13:28:24 -08:00
committed by Juan Martín Sotuyo Dodero
parent 8db5464583
commit eba729c953
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
View File

@ -77,7 +77,8 @@ public class VfUnescapeElRule extends AbstractVfRule {
final ASTText attrText = attr.getFirstDescendantOfType(ASTText.class);
if (attrText != null) {
if (0 == attrText.jjtGetChildIndex()) {
if (attrText.getImage().startsWith("/") || attrText.getImage().toLowerCase().startsWith("http")) {
if (attrText.getImage().startsWith("/")
|| attrText.getImage().toLowerCase().startsWith("http")) {
startingWithSlashText = true;
}
}
@ -211,8 +212,9 @@ public class VfUnescapeElRule extends AbstractVfRule {
break;
}
if ("$Resource".equalsIgnoreCase(id.getImage()) || "URLFOR".equalsIgnoreCase(id.getImage())
|| "$Site".equalsIgnoreCase(id.getImage()) || "$Page".equalsIgnoreCase(id.getImage())) {
if ("$Label".equalsIgnoreCase(id.getImage()) || "$Resource".equalsIgnoreCase(id.getImage())
|| "URLFOR".equalsIgnoreCase(id.getImage()) || "$Site".equalsIgnoreCase(id.getImage())
|| "$Page".equalsIgnoreCase(id.getImage())) {
isEscaped = true;
continue;
}