Sign Up ›

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Amit Singh1989Amit Singh1989 

Security Review issue

Hi friends,


I have created a managed package for my application JS and uploaded its first version JS 1.0 (Developer,AppExchange),
earlier i had given my application for scan to SOURCE CODE SCANNER, and they respond back with "no issues".

then i had submitted my application for Security review  (fom appexchange),done all the formalities,
after three weeks salesforce respond with a mail which shows failure of application because of one vulnerabilities,that is :

 1)MIXED CONTENT VULNERABILITY

for this line
 <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
 </script>


and for highlighted lines

function showMessage(event, jsEvent, view)
    {
        document.getElementById("NoticeDiv_"+event.id).style.left = jsEvent.pageX+'px';+'px';
        document.getElementById("NoticeDiv_"+event.id).style.top = jsEvent.pageY+'px';
        document.getElementById("NoticeDiv_"+event.id).innerHTML = '<div id="TitleBar_'+event.id+'" class="drsMoveHandle">'+event.title+'<img src="http://images.fpitesters.com/shared/application_close_fade.png" id="closeButton_'+event.id+'" name="closeButton_'+event.id+'" onmouseover=\'javascript&colon;roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close.png");\' onmouseout= \'javascript&colon;roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close_fade.png");\' onClick="javascript&colon;hideMessage(\''+event.id+'\');" ></div> \
                                                          Staff: '+event.staff+'<br>'
          $("#NoticeDiv_"+event.id).slideDown('fast', function()
          {
          });   
 }



could anyone please help me how to fix this issue.

I think i should use static resource instead of url.

please correct me.




Thanks,
Amit Singh

Best Answer chosen by Admin (Salesforce Developers) 
Chamil MadusankaChamil Madusanka

Hi Amit,

 

Use

 

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
 </script>

 instead of

 

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
 </script>

If a reply to a post answers your question or resolves your problem, please mark it as the solution to the post so that others may benefit.

All Answers

hattihatti

Yes using static resource may solve the issue. Let others know if it fails even after using static resource.
Amit Singh1989Amit Singh1989

thank you hatti,

 

i have some questions,

insted of using,

 <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
 </script>

 

now i am using,

<script type="text/javascript" src="{!$Resource.Calender_Jquery}"></script>

 

and for,

function showMessage(event, jsEvent, view)
    {
        document.getElementById("NoticeDiv_"+event.id).style.left = jsEvent.pageX+'px';+'px';
        document.getElementById("NoticeDiv_"+event.id).style.top = jsEvent.pageY+'px';
        document.getElementById("NoticeDiv_"+event.id).innerHTML = '<div id="TitleBar_'+event.id+'" class="drsMoveHandle">'+event.title+'<img src="http://images.fpitesters.com/shared/application_close_fade.png" id="closeButton_'+event.id+'" name="closeButton_'+event.id+'" onmouseover=\'javascript&colon;roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close.png");\' onmouseout= \'javascript&colon;roll_over("closeButton_'+event.id+'", "http://images.fpitesters.com/shared/application_close_fade.png");\' onClick="javascript&colon;hideMessage(\''+event.id+'\');" ></div> \
                                                          Staff: '+event.staff+'<br>'
          $("#NoticeDiv_"+event.id).slideDown('fast', function()
          {
          });   
 }


I am Using,

 

 function showMessage(event, jsEvent, view)
    {
       // //string str="'event.linkurl+event.id;
        document.getElementById("NoticeDiv_"+event.id).style.left = jsEvent.pageX+'px';+'px';
        document.getElementById("NoticeDiv_"+event.id).style.top = jsEvent.pageY+'px';
        document.getElementById("NoticeDiv_"+event.id).innerHTML = '<div id="TitleBar_'+event.id+'" class="drsMoveHandle">'+event.title+'<img src="{!$Resource.Calender_Image_Close_Fed}" id="closeButton_'+event.id+'" name="closeButton_'+event.id+'" onmouseover=\'javascript&colon;roll_over("closeButton_'+event.id+'", "{!$Resource.Calender_Image_Close}");\' onmouseout= \'javascript&colon;roll_over("closeButton_'+event.id+'", "{!$Resource.Calender_Image_Close_Fed}");\' onClick="javascript&colon;hideMessage(\''+event.id+'\');" ></div> \
                                                     
                                                          Staff: '+event.staff+'<br>'
          $("#NoticeDiv_"+event.id).slideDown('fast', function()
          {
          });   
 }

 

 

will it fix my issue,

 

and why Source code scanner had not found this error,

 

Thanks,

Amit Singh
Chamil MadusankaChamil Madusanka

Hi Amit,

 

Use

 

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
 </script>

 instead of

 

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
 </script>

If a reply to a post answers your question or resolves your problem, please mark it as the solution to the post so that others may benefit.

This was selected as the best answer