Rules that flag potential security flaws.
VfCsrf
Since: PMD 5.6.0
Priority: Medium (3)
Avoid calling a Visualforce (VF) action on page load: the action runs whenever the page is requested, which makes it vulnerable to CSRF.
This rule is defined by the following Java class: net.sourceforge.pmd.lang.vf.rule.security.VfCsrfRule
Example(s):
<apex:page controller="AcRestActionsController" action="{!csrfInitMethod}" >
Use this rule by referencing it:
<rule ref="category/vf/security.xml/VfCsrf" />
VfUnescapeEl
Since: PMD 5.6.0
Priority: Medium (3)
Avoid unescaped user-controlled content in expression language (EL), as it results in XSS.
This rule is defined by the following Java class: net.sourceforge.pmd.lang.vf.rule.security.VfUnescapeElRule
Example(s):
<apex:outputText value="Potential XSS is {! here }" escape="false" />
Use this rule by referencing it:
<rule ref="category/vf/security.xml/VfUnescapeEl" />
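The corrected forms of the two flagged snippets above, shown together as an added example that is not part of the PMD documentation. It reuses the controller and method names from the VfCsrf example; `here` is assumed to be a controller property holding user-controlled text, and the button label is made up.

```xml
<!-- Added example: hardened counterpart of the two flagged snippets.
     Assumption: "here" is a controller property with user-controlled text. -->
<apex:page controller="AcRestActionsController">

    <!-- VfCsrf: there is no action="{!csrfInitMethod}" on apex:page, so
         requesting the page URL with a GET no longer runs the method. -->
    <apex:form>
        <!-- The method now runs only on a POST submitted from apex:form,
             which carries the platform's anti-CSRF token. -->
        <apex:commandButton value="Initialize" action="{!csrfInitMethod}" />
    </apex:form>

    <!-- VfUnescapeEl, option 1: leave escape at its default (true), so the
         rendered value is HTML-escaped. -->
    <apex:outputText value="Escaped by default: {!here}" />

    <!-- VfUnescapeEl, option 2: if escape="false" has to stay, encode the
         expression for the HTML context it is written into. -->
    <apex:outputText value="Encoded explicitly: {!HTMLENCODE(here)}" escape="false" />

</apex:page>
```

HTMLENCODE fits an HTML body context; values written into script blocks or URLs need JSENCODE, JSINHTMLENCODE or URLENCODE instead.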