Discussion

2
Replies
1270
Views
Close popover
Jon Garfunkel (JonnyGar)
BNY Mellon
Vice President, BPM CoE
BNY Mellon
US
JonnyGar Member since 2009 91 posts
BNY Mellon
Posted: February 12, 2015
Last activity: March 23, 2016
Closed

MSOFileTransferButtons control

I have a couple of questions about this control MSOFileTransferButtons.

Why is it in Pega-AppDefinition? I have a number of teams that forked the rule -- possibly because they didn't see the AppDefinition as being in the peroper "foundation" layer, like Pega-UIDesign.

Secondly, it's curious to note that MSOFileTransferButtons is flagged by the Security Analyzer. Well, the Pega version is not, but any forked version in a local ruleset is. This is a problem through v7.1.5, for those of you scoring at home.

<button class='buttonTdButton' onclick="MSODownloadFile('<%= tools.getParamValue("downloadActivity") %>', '<%= tools.getParamValue("otherParamValues") %>','<%= tools.getParamValue("showWarning") %>','<%= tools.getParamValue("warningMessage") %>')" type="button">

 

Now, this is probably not a huge risk, since parameters to controls are always passed explictly; there's no option to pass the existing parameter page. Still, it probably should be addressed, so as not to show up by any code scanner.

User Experience
Moderation Team has archived post