Index of all built-in rules available for Salesforce VisualForce
Security
Rules that flag potential security flaws.
- VfCsrf: Avoid calling VF action upon page load as the action becomes vulnerable to CSRF.
- VfHtmlStyleTagXss: Checks for the correct encoding in ‘<style/>’ tags in Visualforce pages. The rule is based on Sal…
- VfUnescapeEl: Avoid unescaped user controlled content in EL as it results in XSS.
Additional rulesets
-
Basic VF (
rulesets/vf/security.xml
):Deprecated This ruleset is for backwards compatibility.
It contains the following rules: