Discussion

2
Replies
1288
Views
Jon Garfunkel (JonnyGar)
BNY Mellon
Vice President, BPM CoE
BNY Mellon
US
JonnyGar Member since 2009 91 posts
BNY Mellon
Posted: February 12, 2015
Last activity: March 23, 2016
Posted: 12 Feb 2015 16:47 EST
Last activity: 23 Mar 2016 5:37 EDT
Closed

MSOFileTransferButtons control

I have a couple of questions about this control MSOFileTransferButtons.

Why is it in Pega-AppDefinition? I have a number of teams that forked the rule -- possibly because they didn't see the AppDefinition as being in the peroper "foundation" layer, like Pega-UIDesign.

Secondly, it's curious to note that MSOFileTransferButtons is flagged by the Security Analyzer. Well, the Pega version is not, but any forked version in a local ruleset is. This is a problem through v7.1.5, for those of you scoring at home.

<button class='buttonTdButton' onclick="MSODownloadFile('<%= tools.getParamValue("downloadActivity") %>', '<%= tools.getParamValue("otherParamValues") %>','<%= tools.getParamValue("showWarning") %>','<%= tools.getParamValue("warningMessage") %>')" type="button">

 

Now, this is probably not a huge risk, since parameters to controls are always passed explictly; there's no option to pass the existing parameter page. Still, it probably should be addressed, so as not to show up by any code scanner.

User Experience
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Discussion, please write a new Discussion.