ApexXSSFromURLParam - lpohl-Reply/pmd-github-action GitHub Wiki

Rule: ApexXSSFromURLParam

Message

Apex classes should escape/sanitize Strings obtained from URL parameters

Description

Checks that every value read from a URL parameter is escaped or sanitized before it is used, so that attacker-controlled input cannot be reflected into a page and cause cross-site scripting (XSS).

Priority

2 (was 3)

Example

public without sharing class Foo {
    // Violation: the raw URL parameter is stored and reused without any escaping
    String unescapedstring = ApexPages.currentPage().getParameters().get('url_param');
    String usedLater = unescapedstring;
}
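An added example, not part of the PMD rule documentation, contrasting the flagged pattern with a variant that escapes the parameter before use; the GreetingController class and the name parameter are hypothetical:

```apex
// Added example (not PMD's own code). Both getters read the same URL parameter;
// only the first one matches what ApexXSSFromURLParam reports.
public without sharing class GreetingController {

    // Flagged: the raw parameter is exposed to the page as-is. If a Visualforce
    // page renders it with escape="false", the attacker-controlled value becomes
    // markup in the victim's browser.
    public String rawName {
        get { return ApexPages.currentPage().getParameters().get('name'); }
    }

    // Escaped before use: a null parameter is normalised to an empty string and
    // the value is HTML-escaped with the platform String method. Pick the escape
    // that matches the sink (escapeHtml4 for HTML, escapeEcmaScript for a JS context).
    public String safeName {
        get {
            String param = ApexPages.currentPage().getParameters().get('name');
            return param == null ? '' : param.escapeHtml4();
        }
    }
}
```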