Impact Area
Security
Severity
High
Affected Element
ServiceNow
UI Script
Salesforce
Static Resource
Rule number #
SN-JSL-005 (for ServiceNow)
SF-JSL-004 (for Salesforce)
Impact #
The “usemap” attribute is used to reference another element by name or id. Since the name and id attributes are already blacklisted, a sanitized usemap attribute could only reference unsanitized content, which is a security risk.
Remediation #
Update AngularJS to the latest version.
Time to fix #
30 min
References #
This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).
