Details
Suggestion
Resolution: Tracked Elsewhere
Description
In JSF, using the attribute escape="false" on pages causes HTML content in a string to be rendered as is (without encoding).
This can pose a possible XSS threat to the application.
Thus, in applications where XSS issues are to be handled, adding this feature will allow monitoring and gauging the number of pages that use escape="false".
Can this feature be added to the SONAR plugin?
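
The check requested above, sketched as a standalone scanner. This is an added example, not code from the issue or from the Sonar plugin; the function names, the file suffixes scanned and the sample page are assumptions made for illustration.

```python
import re
from pathlib import Path

COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
# Opening tag of a namespaced component such as <h:outputText ...>; quoted
# attribute values are matched whole so a '>' inside EL does not end the tag.
TAG_RE = re.compile(
    r"""<([A-Za-z][\w.-]*:[\w.-]+)((?:\s+[\w:.-]+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*/?>"""
)
# The lookbehind keeps attributes like data-escape from matching.
ESCAPE_FALSE_RE = re.compile(r"""(?<![\w:.-])escape\s*=\s*(["'])\s*false\s*\1""", re.I)


def find_unescaped(text):
    """Return (line, tag) for each component tag carrying escape="false"."""
    # Blank out comments but keep their newlines so line numbers stay correct.
    text = COMMENT_RE.sub(lambda m: "\n" * m.group().count("\n"), text)
    return [
        (text.count("\n", 0, m.start()) + 1, m.group(1))
        for m in TAG_RE.finditer(text)
        if ESCAPE_FALSE_RE.search(m.group(2))
    ]


def scan_tree(root, suffixes=(".xhtml", ".jsp", ".jspx")):
    """Map each page under root to its findings; pages without any are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_unescaped(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample page (not taken from any real application).
SAMPLE = """<ui:composition xmlns:h="http://java.sun.com/jsf/html">
  <h:outputText value="#{user.name}"/>
  <h:outputText value="#{post.body}" escape="false"/>
  <!-- <h:outputText value="#{old.html}" escape="false"/> -->
  <h:outputText rendered="#{post.score > 0}"
                value="#{post.summary}" escape = 'FALSE' />
  <h:outputText value="#{post.title}" escape="true"/>
</ui:composition>"""

if __name__ == "__main__":
    for line, tag in find_unescaped(SAMPLE):
        print(f"line {line}: <{tag}> renders its value without HTML encoding")
```

The number of keys returned by `scan_tree` is the count of pages using escape="false"; each finding still needs review to see whether the rendered value can carry user-controlled input.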