Security Review issue
Hi friends,
I have created a managed package for my application JS and uploaded its first version, JS 1.0 (Developer, AppExchange).
Earlier I had given my application to the SOURCE CODE SCANNER for a scan, and they responded with "no issues".
Then I submitted my application for Security Review (from AppExchange) and completed all the formalities.
After three weeks Salesforce responded with an email showing that the application failed because of one vulnerability, that is:
1) MIXED CONTENT VULNERABILITY
for this line
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
</script>
and for highlighted lines
function showMessage(event, jsEvent, view)
{
document.getElementById("NoticeDiv_"+event.id).style.left = jsEvent.pageX+'px';
document.getElementById("NoticeDiv_"+event.id).style.top = jsEvent.pageY+'px';
document.getElementById("NoticeDiv_"+event.id).innerHTML = '<div id="TitleBar_'+event.id+'" class="drsMoveHandle">'+event.title+'<img src="http://images.fpitesters.com/shared/application_close_fade.png" id="closeButton_'+event.id+'" name="closeButton_'+event.id+'" onmouseover=\'javascript:roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close.png");\' onmouseout= \'javascript:roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close_fade.png");\' onClick="javascript:hideMessage(\''+event.id+'\');" ></div> \
Staff: '+event.staff+'<br>'
$("#NoticeDiv_"+event.id).slideDown('fast', function()
{
});
}
Could anyone please help me fix this issue?
I think I should use a static resource instead of the URL.
Please correct me.
Thanks,
Amit Singh
Yes, using a static resource may solve the issue. Let others know if it fails even after using a static resource.
Thank you hatti,
I have some questions.
Instead of using,
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
</script>
now I am using,
<script type="text/javascript" src="{!$Resource.Calender_Jquery}"></script>
and for,
function showMessage(event, jsEvent, view)
{
document.getElementById("NoticeDiv_"+event.id).style.left = jsEvent.pageX+'px';
document.getElementById("NoticeDiv_"+event.id).style.top = jsEvent.pageY+'px';
document.getElementById("NoticeDiv_"+event.id).innerHTML = '<div id="TitleBar_'+event.id+'" class="drsMoveHandle">'+event.title+'<img src="http://images.fpitesters.com/shared/application_close_fade.png" id="closeButton_'+event.id+'" name="closeButton_'+event.id+'" onmouseover=\'javascript:roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close.png");\' onmouseout= \'javascript:roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close_fade.png");\' onClick="javascript:hideMessage(\''+event.id+'\');" ></div> \
Staff: '+event.staff+'<br>'
$("#NoticeDiv_"+event.id).slideDown('fast', function()
{
});
}
I am using,
function showMessage(event, jsEvent, view)
{
// //string str="'event.linkurl+event.id;
document.getElementById("NoticeDiv_"+event.id).style.left = jsEvent.pageX+'px';
document.getElementById("NoticeDiv_"+event.id).style.top = jsEvent.pageY+'px';
document.getElementById("NoticeDiv_"+event.id).innerHTML = '<div id="TitleBar_'+event.id+'" class="drsMoveHandle">'+event.title+'<img src="{!$Resource.Calender_Image_Close_Fed}" id="closeButton_'+event.id+'" name="closeButton_'+event.id+'" onmouseover=\'javascript:roll_over("closeButton_'+event.id+'", "{!$Resource.Calender_Image_Close}");\' onmouseout= \'javascript:roll_over("closeButton_'+event.id+'", "{!$Resource.Calender_Image_Close_Fed}");\' onClick="javascript:hideMessage(\''+event.id+'\');" ></div> \
Staff: '+event.staff+'<br>'
$("#NoticeDiv_"+event.id).slideDown('fast', function()
{
});
}
Will it fix my issue?
And why had the Source Code Scanner not found this error?
Thanks,
Amit Singh
Hi Amit,
Use
instead of
If a reply to a post answers your question or resolves your problem, please mark it as the solution to the post so that others may benefit.
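
A check for the mixed-content finding discussed in this thread, added here as an example and not code from any poster or from Salesforce: it scans page source for `http://` URLs in loading attributes (`script`, `img`, and similar) and in JavaScript strings such as the `roll_over` arguments, while skipping plain links. The function name `findMixedContent`, the abbreviated sample input, and the `example.com` URLs are assumptions made for illustration.

```javascript
// Added example: heuristic, line-based scan for http:// references that an
// HTTPS page would load as subresources (mixed content).
const HTTP_URL = /http:\/\/[^\s"'\\<>)]+/g;
// Tag/attribute pairs that make the browser fetch the URL.
const LOADING_ATTR =
  /<(script|img|iframe|embed|link)\b[^>]*\b(?:src|href)\s*=\s*\\?["']$/i;
// A plain navigation link is not a subresource load, so it is skipped.
const ANCHOR_ATTR = /<a\b[^>]*\bhref\s*=\s*\\?["']$/i;

// Returns [{ line, url, kind }]. kind is the loading tag, or "string" when the
// URL sits in a script string (for example a roll_over() argument) and needs
// a manual look at where the string ends up.
function findMixedContent(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    for (const m of text.matchAll(HTTP_URL)) {
      const before = text.slice(0, m.index);
      if (ANCHOR_ATTR.test(before)) continue;
      const tag = LOADING_ATTR.exec(before);
      findings.push({
        line: idx + 1,
        url: m[0],
        kind: tag ? tag[1].toLowerCase() : "string",
      });
    }
  });
  return findings;
}

// Constructed sample: abbreviated from the snippets quoted in the thread,
// plus one plain link and one https script (hypothetical) for contrast.
const SAMPLE = String.raw`<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
el.innerHTML = '<img src="http://images.fpitesters.com/shared/application_close_fade.png" onmouseover=\'roll_over("closeButton_1", "http://images.fpitesters.com/shared/application_close.png");\'>';
<a href="http://example.com/help">Help</a>
<script src="https://example.com/lib.js"></script>`;

for (const f of findMixedContent(SAMPLE)) {
  console.log(`line ${f.line}: [${f.kind}] ${f.url}`);
}
```

Running the same function over the page after switching to `{!$Resource...}` references should return an empty list.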