srujanam6200 Member since 2019 2 posts
S & P Global Company Ltd
Posted: October 10, 2020
Last activity: October 12, 2020

Vulnerable fix for pyUnsafeURL

We have a few HTML fragments with code snippets with the patterns below, which are throwing the pyUnsafeURL vulnerability when the Rule security vulnerability tool is run.

1) var var_name = <some string>
   var_name = var_name.replace('a','b');

2) var var_name = pxReqURI + "?pyActivity=A-B-C.Act_Name&tabname=Tab_1";

For the second pattern we have tried oSafeURL as below, but it is still showing the vulnerability.

    var oSafeURL = new SafeURL("A-B-C.Act_Name");
    oSafeURL.put("tabname","Tab_1");
    var var_name = oSafeURL.toURL();

But we are still seeing this snippet in the vulnerability list.

 

Can someone please provide an alternative for these patterns to avoid the vulnerability?

 

***Edited by Moderator: Pooja to update type to product***
Pega Platform 7.4 Security Financial Services Front-End Developer