From eb3fe1ed082a58c309446ed31ac166baa636a8e9 Mon Sep 17 00:00:00 2001 From: Sergey Date: Tue, 28 Feb 2017 13:56:05 -0800 Subject: [PATCH] Adding a unit test and bug fix --- .../pmd/lang/vf/rule/security/VfUnescapeElRule.java | 3 +-- .../pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml | 13 +++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java index 2b55788052..6a3782047b 100644 --- a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java +++ b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java @@ -223,8 +223,7 @@ public class VfUnescapeElRule extends AbstractVfRule { case "$site": case "$page": isEscaped = true; - default: - isEscaped = false; + break; } if (e.equals(ESCAPING.ANY)) { diff --git a/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml b/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml index 32c0698e30..822345e4f2 100644 --- a/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml +++ b/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml @@ -8,6 +8,19 @@ Id in the EL means no XSS 0 + + +]]> + vf + + + + + 0 + foo ]]>