Help on security error in JavaScript code 'Confidential information passed in GET request'
Dear all,
We just got our security testing results and got one issue:
Scanning File: \TestHelp.page
<script>
fun(){
61 window.location.href='https://help.salesforce.com/htviewhelpdoc?id='+'{!JSENCODE(temp)}'+'&siteLang=en_US';
}
</script>
Recommendation:
Ensure that all session IDs are unique, random and encrypted.
Ensure that unencrypted session IDs are not used in the URL.
Make sure all tokens, session IDs and session cookies expire after a reasonable time period.
The id part is already encoded with json encode, and we didn't get any exception in the code scanner. Could anyone suggest what could be the solution for the code at line 61?
Thanks,
Stephen
As per my best knowledge, you should use the URLENCODE function, as you are creating a URL.
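An added example, not part of the original thread: it shows how a value that is only escaped for a JavaScript string (as JSENCODE does) behaves when concatenated into the help URL, compared with the same value URL-encoded. The function names and sample ids are constructed for illustration; only the base URL and the `id` and `siteLang` parameters come from the post.

```javascript
// Added example (not from the original thread). HELP_BASE is the URL from the
// post; function names and sample ids are constructed for illustration.
const HELP_BASE = 'https://help.salesforce.com/htviewhelpdoc';

// What the flagged line does: plain concatenation. Escaping for a JavaScript
// string literal does not URL-encode the value.
function buildByConcat(id) {
  return HELP_BASE + '?id=' + id + '&siteLang=en_US';
}

// URL-encoding the value keeps it inside the single "id" parameter.
function buildEncoded(id) {
  const url = new URL(HELP_BASE);
  url.searchParams.set('id', id);
  url.searchParams.set('siteLang', 'en_US');
  return url.toString();
}

// Parse a URL back into its query parameters, as the receiving side would.
function queryParams(href) {
  return Object.fromEntries(new URL(href).searchParams.entries());
}

// Constructed sample values: one plain id, one containing URL metacharacters.
const plainId = 'help_topic_1';
const oddId = 'topic&siteLang=xx#frag';

function demo() {
  return {
    concatPlain: queryParams(buildByConcat(plainId)), // id and siteLang intact
    concatOdd: queryParams(buildByConcat(oddId)),     // id cut short, siteLang replaced
    encodedOdd: queryParams(buildEncoded(oddId)),     // id round-trips unchanged
  };
}

console.log(demo());
```

Encoding changes how the value is parsed, not where it travels: the id is still part of the GET URL, which is what the scanner's recommendation text is about.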