diff --git a/docs/pages/release_notes.md b/docs/pages/release_notes.md
index 62fafe445a..4d24794015 100644
--- a/docs/pages/release_notes.md
+++ b/docs/pages/release_notes.md
@@ -36,7 +36,11 @@ This is a bug fixing release.
* [#1098](https://github.com/pmd/pmd/pull/1098): \[java] Simplify LongInstantiation, IntegerInstantiation, ByteInstantiation, and ShortInstantiation using type resolution
* doc
* [#999](https://github.com/pmd/pmd/issues/999): \[doc] Add a header before the XPath expression in rules
+* vf-security
+ * [#1100](https://github.com/pmd/pmd/issues/1100): \[vf] URLENCODE is ignored as valid escape method
### API Changes
### External Contributions
+
+* [#1106](https://github.com/pmd/pmd/pull/1106): \[vf] URLENCODE is ignored as valid escape method - [Robert Sösemann](https://github.com/rsoesemann)
diff --git a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
index ac1f2e72f9..6f7919649c 100644
--- a/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
+++ b/pmd-visualforce/src/main/java/net/sourceforge/pmd/lang/vf/rule/security/VfUnescapeElRule.java
@@ -220,7 +220,7 @@ public class VfUnescapeElRule extends AbstractVfRule {
}
if (doesElContainAnyUnescapedIdentifiers(el,
- EnumSet.of(Escaping.JSINHTMLENCODE, Escaping.JSENCODE))) {
+ EnumSet.of(Escaping.ANY))) {
isEL = true;
toReport.add(el);
}
diff --git a/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml b/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
index 9a0a38d89d..fca8199fc3 100644
--- a/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
+++ b/pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml
@@ -654,5 +654,40 @@ NOW() is a safe call
vf
+
+
+ 0
+
+]]>
+ vf
+
+
+
+
+ 1
+
+]]>
+ vf
+
+
+
+
+ 0
+
+
+
+
+]]>
+ vf
+