Should not flag svg's xmlns property

SonarScanner flags the string SVG namespace with error message Using http protocol is insecure. Use https instead.

The URL above used for SVG’s xmlns should not be https, and therefore should not raise Security Hotspots for this, and not require users to go through the flag each time SVG code gets added as part of the source code.

1 Like


What’s the rule key for which an issue was raised?
What’s the language of the file where it was raised?

Hey there.

Thanks for the report. You should expect to see these false-positives resolved very soon once this ticket is (re)deployed to SonarCloud. This should happen soon (hours to days, not weeks).