Question 1 Replies 96 Views × Close popover srujana medi (srujanam6200) S & P Global Company Ltd S & P Global Company Ltd IN View Profile Send Message srujanam6200 Member since 2019 5 posts S & P Global Company Ltd Posted: October 10, 2020 Last activity: October 12, 2020 Posted: 10 Oct 2020 10:26 EDT Last activity: 12 Oct 2020 5:35 EDT Vulnerable fix for pyUnsafeURL We have few HTML Fragments with code snippet with below patterns, which throwing pyUnsafeURL vulnerability when Rule security vulnerability tool is ran. 1) var var_name = <some string> var_name = var_name.replace('a','b'); 2) var var_name = pxReqURI + "?pyActivity=A-B-C.Act_Name&tabname=Tab_1"; For the second pattern we have tried oSafeURL as below but still it showing the vulnerability. var oSafeURL = new SafeURL("A-B-C.Act_Name"); oSafeURL.put("tabname","Tab_1"); var var_name = oSafeURL.toURL(); But still we are seeing this snippet in vulnerability list. Can someone please provide an alternative for these patterns to avoid vulnerability. ***Edited by Moderator: Pooja to update type to product*** Pega Platform 7.4 Security Financial Services Front-End Developer × Close popover Facebook Twitter Linkedin Email Copy Link Copied! Posted: 6 months ago Updated: 6 months ago Posted: 12 Oct 2020 3:33 EDT Updated: 12 Oct 2020 3:34 EDT × Close popover srujana medi (srujanam6200) S & P Global Company Ltd S & P Global Company Ltd IN View Profile Send Message srujanam6200 S & P Global Company Ltd replied to srujanam6200 We are looking for help on this. Could someone provide comments on this.