Discussion

2
Replies
1257
Views
JonnyGar Member since 2009 91 posts
BNY Mellon
Posted: February 12, 2015
Last activity: March 23, 2016
Closed

MSOFileTransferButtons control

I have a couple of questions about this control MSOFileTransferButtons.

Why is it in Pega-AppDefinition? I have a number of teams that forked the rule -- possibly because they didn't see the AppDefinition as being in the peroper "foundation" layer, like Pega-UIDesign.

Secondly, it's curious to note that MSOFileTransferButtons is flagged by the Security Analyzer. Well, the Pega version is not, but any forked version in a local ruleset is. This is a problem through v7.1.5, for those of you scoring at home.

<button class='buttonTdButton' onclick="MSODownloadFile('<%= tools.getParamValue("downloadActivity") %>', '<%= tools.getParamValue("otherParamValues") %>','<%= tools.getParamValue("showWarning") %>','<%= tools.getParamValue("warningMessage") %>')" type="button">

 

Now, this is probably not a huge risk, since parameters to controls are always passed explictly; there's no option to pass the existing parameter page. Still, it probably should be addressed, so as not to show up by any code scanner.

User Interface
Moderation Team has archived post
Share this page LinkedIn