Question1Replies51Views srujanam6200 Member since 2019 2 posts S & P Global Company Ltd Posted: October 10, 2020Last activity: October 12, 2020 Vulnerable fix for pyUnsafeURL We have few HTML Fragments with code snippet with below patterns, which throwing pyUnsafeURL vulnerability when Rule security vulnerability tool is ran.1) var var_name = <some string> var_name = var_name.replace('a','b');2) var var_name = pxReqURI + "?pyActivity=A-B-C.Act_Name&tabname=Tab_1"; For the second pattern we have tried oSafeURL as below but still it showing the vulnerability. var oSafeURL = new SafeURL("A-B-C.Act_Name"); oSafeURL.put("tabname","Tab_1"); var var_name = oSafeURL.toURL(); But still we are seeing this snippet in vulnerability list. Can someone please provide an alternative for these patterns to avoid vulnerability. ***Edited by Moderator: Pooja to update type to product*** Pega Platform 7.4 Security Financial Services Front-End Developer ×Close popoverFacebookTwitterLinkedinEmail Copy Link Copied! Posted: 1 month agoUpdated: 1 month agosrujanam6200 S & P Global Company Ltd replied to srujanam6200We are looking for help on this. Could someone provide comments on this.