@W-8680425@: Added LINKTO back into the list of inherently safe functions.

Joshua Feingold
2021-01-29 10:02:09 -06:00
parent a4916f94fc
commit d88d8ff913


@ -41,7 +41,7 @@ public final class ElEscapeDetector {
// These Text functions are safe, either because of what they accept or what they return. // These Text functions are safe, either because of what they accept or what they return.
"begins", "br", "casesafeid", "contains", "find", "getsessionid", "ispickval", "len", "begins", "br", "casesafeid", "contains", "find", "getsessionid", "ispickval", "len",
// These Advanced functions are safe because of what they accept or what they return. // These Advanced functions are safe because of what they accept or what they return.
"currencyrate", "getrecordids", "ischanged", "junctionidlist", "regex", "urlfor" "currencyrate", "getrecordids", "ischanged", "junctionidlist", "linkto", "regex", "urlfor"
)); ));
private static final Set<String> FUNCTIONS_WITH_XSSABLE_ARG0 = new HashSet<>(Arrays.asList( private static final Set<String> FUNCTIONS_WITH_XSSABLE_ARG0 = new HashSet<>(Arrays.asList(
// For these methods, the first argument is a string that must be escaped. // For these methods, the first argument is a string that must be escaped.
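Review bot: The re-added `"linkto"` entry on the Advanced-functions line has no rationale of its own, and the shared comment ("safe because of what they accept or what they return") does not say which of the two reasons applies to it. The title says it is being added *back*, so it was evidently dropped at some point; recording the reasoning next to the entry, e.g. `// linkto: safe because <reason from W-8680425>`, would stop the list from flip-flopping again. Entries in this set presumably suppress the unescaped-expression finding for whatever the function wraps, so a wrong entry silently hides real XSS findings. A test that pins a LINKTO expression with a merge-field argument as not reported would lock the decision in; no test change is visible on this page. The set's declaration begins above the hunk.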