Should not flag svg's xmlns property

Elisha_Terada · April 20, 2021, 3:40am

SonarScanner flags the string SVG namespace with error message Using http protocol is insecure. Use https instead.

The URL above used for SVG’s xmlns should not be https, and therefore should not raise Security Hotspots for this, and not require users to go through the flag each time SVG code gets added as part of the source code.

https://developer.mozilla.org/en-US/docs/Web/SVG/Namespaces_Crash_Course

pynicolas · April 20, 2021, 7:36am

Hi!

What’s the rule key for which an issue was raised?
What’s the language of the file where it was raised?

Colin · May 3, 2021, 9:26am

Hey there.

Thanks for the report. You should expect to see these false-positives resolved very soon once this ticket is (re)deployed to SonarCloud. This should happen soon (hours to days, not weeks).

Topic		Replies	Views
False positive for SVG element foreignObject in SonarCloud SonarQube Cloud html , css	5	1275	October 3, 2019
False positive: S1075 URIs should not be hardcoded triggers for XML Namespace names Report False-positive / False-negative... csharp	1	404	March 21, 2024
FP: S6819 - The ARIA "img" role should be allowed on SVG images Report False-positive / False-negative... javascript , html , web , sonarqube-ide , sonarqube-cloud	8	910	May 20, 2024
Does SonarCloud detects XSS in a javascript frontend and a java api.? SonarQube Cloud javascript , java , xss , sonarqube-cloud	3	499	October 19, 2023
S2755 False positive Sonar scan engine cannot recognize our code which is secure already Report False-positive / False-negative... java	1	665	March 4, 2022

Should not flag svg's xmlns property

Related topics