Index of all built-in rules available for Salesforce Visualforce


Rules that flag potential security flaws.
  • VfCsrf: Avoid calling VF action upon page load as the action becomes vulnerable to CSRF.
  • VfHtmlStyleTagXss: Checks for the correct encoding in ‘<style/>’ tags in Visualforce pages. The rule is based on Sal…
  • VfUnescapeEl: Avoid unescaped user controlled content in EL as it results in XSS.

Additional rulesets

  • Basic VF (rulesets/vf/security.xml):

    Deprecated: This ruleset is for backwards compatibility.

    It contains the following rules:

    VfCsrf, VfUnescapeEl