JS encoded and parsed JSON is safe

pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java

@@ -93,10 +93,14 @@ public class VfUnescapeElRule extends AbstractVfRule {
             }
         } else {
             if (!(startsWithSafeResource(elExpression) || containsSafeFields(elExpression))) {
+                final boolean hasUnscaped = doesElContainAnyUnescapedIdentifiers(elExpression,
+                        EnumSet.of(Escaping.JSENCODE, Escaping.JSINHTMLENCODE));
+                if (!(jsonParse && !hasUnscaped)) {
                     addViolation(data, elExpression);
                 }
             }
         }
+    }
 
     private boolean isJsonParse(ASTText prevText) {
         final String text = (prevText.getImage().endsWith("'") || prevText.getImage().endsWith("'"))

pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml

@@ -605,4 +605,20 @@ JSON.parse method evaluates non quoted EL to unsafe XSS
 		<source-type>vf</source-type>
 	</test-code>
 
+	<test-code>
+		<description><![CDATA[
+JSON.parse method evaluates escaped EL to safe JSON
+     ]]></description>
+		<expected-problems>0</expected-problems>
+		<code><![CDATA[
+<apex:page>
+	<script>
+		var x = JSON.parse({!JSENCODE(yes)});
+	</script>
+</apex:page>
+]]></code>
+		<source-type>vf</source-type>
+	</test-code>
+
+
 </test-data>