
We use the code below to capture an Account's FirstName, LastName and some other values.

    <aura:attribute name="currentAccount" type="Account"/>
    <lightning:input aura:id="applicantform"
                     class="firstName"
                     label="{!$Label.c.AccountFirstName}"
                     name="{!$Label.c.AccountFirstName}"
                     value="{!v.currentAccount.FirstName}"
                     messageWhenPatternMismatch="{!$Label.c.NameFormatMessage}"
                     pattern="{!$Label.c.RegexExpressionName}"
                     required="true"
                     messageWhenValueMissing="{!$Label.c.RequredFieldMessage}"/>

Checkmarx is reporting a "Client_DOM_XSS" attack for the code value="{!v.currentAccount.FirstName}", and we do not understand how this is a "Client_DOM_XSS" attack, as we are using the aura input component and an attribute (Account type).

Note:

  • It started happening after a recent upgrade of Checkmarx.
  • Previous scans did not show this violation.
  • We have similar code for other fields as well, but it is reporting only for FirstName and LastName.

Could you please suggest what is wrong with the code above and how this is a "Client_DOM_XSS" violation?

Thanks in advance.

  • I think it will be helpful if you add the code that shows how the currentAccount attribute is set. Commented Apr 26, 2024 at 9:25
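For readers puzzled by the same finding, the following is an added illustration (not code from the question, and not how Aura or Checkmarx are implemented) of what a client-side DOM XSS finding is about: untrusted record data such as Account.FirstName reaching a DOM sink that parses markup. The DOM element and the sample record are constructed stubs so the snippet runs in Node without a browser; the scanner's actual data-flow rules are assumed, not reproduced.

```javascript
// Added example, not code from the question. A Client DOM XSS finding means
// untrusted data (here an Account's FirstName) reaching a DOM sink that parses
// markup. The DOM below is a constructed stub so this runs in Node.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that would otherwise open tags or attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ENTITIES[c]);
}
function decodeEntities(s) {
  return s.replace(/&(amp|lt|gt|quot|#39);/g,
    m => Object.keys(ENTITIES).find(k => ENTITIES[k] === m));
}

// Minimal stand-in for a DOM element: innerHTML parses markup into child
// elements, textContent stores the string as a single text node.
class StubElement {
  constructor() { this.children = []; this.text = ''; }
  set innerHTML(markup) {                       // sink: tags become nodes
    this.children = [...markup.matchAll(/<(\w+)[^>]*>/g)].map(m => m[1]);
    this.text = decodeEntities(markup.replace(/<[^>]*>/g, ''));
  }
  set textContent(value) {                      // no parsing takes place
    this.children = [];
    this.text = value;
  }
}

// Unsafe: record data concatenated straight into markup.
function renderUnsafe(account) {
  const el = new StubElement();
  el.innerHTML = '<span>' + account.FirstName + '</span>';
  return el;
}
// Safe: escape before building markup, or avoid the markup sink entirely
// (a component attribute binding delivers the value as data, like the latter).
function renderEscaped(account) {
  const el = new StubElement();
  el.innerHTML = '<span>' + escapeHtml(account.FirstName) + '</span>';
  return el;
}
function renderTextNode(account) {
  const el = new StubElement();
  el.textContent = account.FirstName;
  return el;
}

// Constructed sample record whose FirstName happens to contain markup.
const sampleAccount = { FirstName: '<b>Ann</b>', LastName: 'Lee' };
console.log(renderUnsafe(sampleAccount).children);   // [ 'span', 'b' ]
```

Only the unsafe renderer turns the record's text into an extra element; the escaped and text-node renderers keep it as literal text, which is the property a scanner is checking for along the path from the bound attribute to the page.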
