Support
Dashboard
Dashboard

Documentation

API Reference

Start Here

What is CodeAnt?
Join Community

Setup

Github
GitHub Enterprise
Bitbucket
Gitlab
Azure Devops

Pull Request Review

Features
Customize Review
Quality Gates
Integrations

Scan center

Code Security
Code Quality
Cloud Security
Engineering Productivity

Integrations

Jira
Test Coverage
CI/CD

IDE

Setup
Review
Enhancements

Rule Reference

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
  - Bicep
  - Ci
  - Dockerfile
  - Dockerfile
  - Html-templates
  - Hugo
  - Nginx
  - Secrets
  - Unicode
  - Visualforce
    - Security
      - Ncino
        Html
        Vf
        Xml
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Resources

Open Source
Blogs

Ncino

Xml

visualforce-page-api-version

Visualforce Pages must use API version 55 or higher for required use of the cspHeader attribute set to true.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection

csp-header-attribute

Visualforce Pages must have the cspHeader attribute set to true. This attribute is available in API version 55 or higher.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection

Vf Security

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.