SONARPLUGINS-853

Feature to monitor usage of escape="false" attribute on pages.

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: WEB-1.0.2
    • Fix Version/s: WEB-1.1
    • Component/s: Web
    • Labels:
      None
    • Number of attachments :
      0

      Description

      In JSF, the usage of the attribute escape="false" on pages causes HTML content in a string to be rendered as it is (without encoding).

      This can cause a possible XSS threat to the application.

      Thus, in applications where XSS issues are to be handled, the addition of this feature will allow monitoring and gauging the number of pages that are using escape="false".

      Can this feature be added to SONAR plugin?

        Activity

        Matthijs Galesloot added a comment - edited

        New check AttributeValidationCheck.

        Parameters:
        • attributes (list of attributes, comma separated)
        • values (list of values, comma separated; regular expressions are supported)

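The check described in the comment above, as an added illustration (not the plugin's own code): a small parser-based scanner that takes the two parameters the comment names, a comma-separated list of attribute names and a comma-separated list of value regular expressions, and reports every tag in a page whose listed attribute matches one of the patterns. With the defaults `attributes="escape"` and `values="false"` it flags the escape="false" usages from the issue description. The sample page, the class name `AttributeValidationCheck` reused here, the tuple-shaped findings and the case-insensitive value matching are all assumptions of this example; the real plugin's output format is not described on the page.

```python
import re
from html.parser import HTMLParser

# Constructed sample JSF page for the example; it is not from the issue.
SAMPLE_PAGE = """<html xmlns:h="http://java.sun.com/jsf/html">
<body>
  <h:outputText value="#{user.name}" />
  <h:outputText value="#{user.bio}" escape="false" />
  <h:outputLabel value="#{msg.title}" escape="FALSE"/>
  <h:outputText value="#{safe.html}" escape="true" />
</body>
</html>
"""


class AttributeValidationCheck(HTMLParser):
    """Report every tag whose attribute (from a configured list) has a value
    matching one of the configured regular expressions.

    Mirrors the two parameters named in the comment: a comma-separated list of
    attribute names and a comma-separated list of value patterns.
    """

    def __init__(self, attributes: str, values: str) -> None:
        super().__init__()
        # Attribute names are compared case-insensitively; HTMLParser lowercases them.
        self.attributes = {a.strip().lower() for a in attributes.split(",") if a.strip()}
        # Each value entry is a regular expression; IGNORECASE is a design choice here
        # so that escape="FALSE" is not missed (an assumption of this example).
        self.patterns = [re.compile(v.strip(), re.IGNORECASE) for v in values.split(",") if v.strip()]
        self.findings: list[tuple[int, str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        # getpos() gives the 1-based line of the tag currently being parsed.
        line, _ = self.getpos()
        for name, value in attrs:
            if name.lower() in self.attributes and value is not None:
                if any(p.fullmatch(value) for p in self.patterns):
                    self.findings.append((line, tag, name, value))

    # Self-closing tags (<h:outputText ... />) reach handle_starttag through
    # HTMLParser's default handle_startendtag, so nothing extra is needed.


def check_page(source: str, attributes: str = "escape", values: str = "false"):
    """Run the check over one page and return a list of
    (line, tag, attribute, value) findings."""
    checker = AttributeValidationCheck(attributes, values)
    checker.feed(source)
    checker.close()
    return checker.findings


def format_findings(findings):
    """Render findings as one report line each, for a quick visual scan."""
    return [f"line {line}: <{tag}> has {name}=\"{value}\"" for line, tag, name, value in findings]


if __name__ == "__main__":
    for report_line in format_findings(check_page(SAMPLE_PAGE)):
        print(report_line)
```

Because the values are regular expressions, the same check can be pointed at other attributes (for instance `values="false,off"` or a pattern such as `fa.*`) without changing the code; each finding carries the line number so it can be matched back to the page.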

          People

          • Assignee:
            Matthijs Galesloot
            Reporter:
            Deepa Tilwani
          • Votes:
            0
            Watchers:
            0
