From eba729c9531d97aa95cacaf79ed054b255e1993f Mon Sep 17 00:00:00 2001
From: Sergey
Date: Tue, 28 Feb 2017 13:28:24 -0800
Subject: [PATCH] Whitelisting Labels
---
 .../pmd/lang/vf/rule/security/VfUnescapeElRule.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
index 05865ce319..702700f31f 100644
--- a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
+++ b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
@@ -77,7 +77,8 @@ public class VfUnescapeElRule extends AbstractVfRule {
 final ASTText attrText = attr.getFirstDescendantOfType(ASTText.class);
 if (attrText != null) {
 if (0 == attrText.jjtGetChildIndex()) {
- if (attrText.getImage().startsWith("/") || attrText.getImage().toLowerCase().startsWith("http")) {
+ if (attrText.getImage().startsWith("/")
+ || attrText.getImage().toLowerCase().startsWith("http")) {
 startingWithSlashText = true;
 }
 }
@@ -211,8 +212,9 @@ public class VfUnescapeElRule extends AbstractVfRule {
 break;
 }
- if ("$Resource".equalsIgnoreCase(id.getImage()) || "URLFOR".equalsIgnoreCase(id.getImage())
- || "$Site".equalsIgnoreCase(id.getImage()) || "$Page".equalsIgnoreCase(id.getImage())) {
+ if ("$Label".equalsIgnoreCase(id.getImage()) || "$Resource".equalsIgnoreCase(id.getImage())
+ || "URLFOR".equalsIgnoreCase(id.getImage()) || "$Site".equalsIgnoreCase(id.getImage())
+ || "$Page".equalsIgnoreCase(id.getImage())) {
 isEscaped = true;
 continue;
 }
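Review bot: In the second hunk (`@@ -211,8 +212,9 @@`), adding `"$Label"` to the allowlist makes the rule treat every custom-label reference as escaped, although a label's value is plain stored text that receives no encoding of its own when it lands in the unescaped output or script contexts this rule appears to check. That is a trust assumption about who can edit labels and translations, not an encoding guarantee, and it should be stated where the allowlist lives, e.g. `// $Label: allowlisted as admin-controlled text; value is not encoded, so label/translation editors must be trusted`. The diffstat lists only the rule file, so no test page pins the new behaviour; a case with `{!$Label.x}` in an unescaped output would. The enclosing loop starts and ends outside the hunk, so whether `isEscaped = true; continue;` also silences other identifiers in the same expression cannot be confirmed from here.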