Jayesh Babu A V
How to solve the Information Disclosure Vulnerability issue?
I used this code to call the Bee Template API inside my Visualforce page using JavaScript:
request( 'POST', 'https://auth.getbee.io/apiauth', 'grant_type=password&client_id={!clientId}&client_secret={!clientSecret}', 'application/x-www-form-urlencoded', function (token)
And when I submitted this package for security review, I got the Stored XSS security issue. So, I changed the code to this:
request( 'POST', 'https://auth.getbee.io/apiauth', 'grant_type=password&client_id={!JSENCODE(clientId)}&client_secret={!JSENCODE(clientSecret)}', 'application/x-www-form-urlencoded', function (token)
But now I got the Information Disclosure Vulnerability issue. This is the statement I got along with the issue:
Secrets should not be passed in the URL, JSENCODE is not sufficient to hide the secret.
So, how can I solve this?
There are multiple ways to protect sensitive data within Force.com, depending on the type of secret being stored, who should have access, and how the secret should be updated.
If you find the information I shared above helpful, please mark the answer as Best. It may help others in the community
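An added example, not part of the original thread or of the answer above: one way to keep the Bee client secret out of the rendered Visualforce page is to send the token request from Apex and return only the response to the page. The class name, the exception type and the protected custom setting `BeeSettings__c` with its fields `Client_Id__c` and `Client_Secret__c` are hypothetical names chosen for illustration; the endpoint and form parameters are the ones from the question.

```apex
// Added example. BeeSettings__c and its fields are hypothetical names for a
// protected hierarchy custom setting that holds the Bee credentials.
public with sharing class BeeAuthController {

    public class BeeAuthException extends Exception {}

    // Called from the Visualforce page through JavaScript remoting. The page
    // markup no longer contains {!clientId} or {!clientSecret}, so the secret
    // never reaches the browser; only the token response does.
    @RemoteAction
    public static String getBeeToken() {
        BeeSettings__c cfg = BeeSettings__c.getOrgDefaults();
        if (cfg == null
                || String.isBlank(cfg.Client_Id__c)
                || String.isBlank(cfg.Client_Secret__c)) {
            throw new BeeAuthException('Bee credentials are not configured.');
        }

        HttpRequest req = new HttpRequest();
        // The endpoint must be allowed by a Remote Site Setting in the org.
        req.setEndpoint('https://auth.getbee.io/apiauth');
        req.setMethod('POST');
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setTimeout(10000);
        // Credentials travel in the POST body of a server-to-server call,
        // URL-encoded so special characters cannot break the form encoding.
        req.setBody(
            'grant_type=password' +
            '&client_id=' + EncodingUtil.urlEncode(cfg.Client_Id__c, 'UTF-8') +
            '&client_secret=' + EncodingUtil.urlEncode(cfg.Client_Secret__c, 'UTF-8')
        );

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Report only the status; never echo the request body or settings.
            throw new BeeAuthException(
                'Bee auth failed with status ' + res.getStatusCode());
        }
        return res.getBody();
    }
}
```

The page would then call `getBeeToken` through JavaScript remoting in place of the direct `request(...)` to `auth.getbee.io`.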