Security

Rules that flag potential security flaws.
  • VfCsrf: Avoid calling a VF action on page load, as the action becomes vulnerable to CSRF.
  • VfUnescapeEl: Avoid unescaped user-controlled content in EL, as it results in XSS.

Additional rulesets

  • Basic VF (rulesets/vf/security.xml):

    Deprecated: This ruleset is for backwards compatibility.

    It contains the following rules:

    VfCsrf, VfUnescapeEl