Impact area
Security
Severity
High
Affected element
ServiceNow
UI Script
Salesforce
Static Resource
Rule number #
SN-JSL-ANGULARJS-LESSTHAN-V180-OPT (for ServiceNow)
SF-JSL-ANGULARJS-LESSTHAN-V180-OPT (for Salesforce)
Impact #
The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping “<option>” elements in “<select>” ones changes parsing behavior, leading to possibly unsanitizing code.
Remediation #
Update AngularJS to the latest version.
Time to fix #
30 min
References #
This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).
