Skip to content

Deny double URL decoding #124

New issue
New issue
Open
Open
Deny double URL decoding#124
@azurit

Description

@azurit
azurit
opened on Jan 29, 2026

It's needed to create a check which will deny usage of t:urlDecodeUni or t:urlDecode action togather with any of these targets:

ARGS
ARGS_GET
ARGS_POST
ARGS_NAMES

Note: Some of existing rules are doing this and we cannot resolve this now or in near future. This check must be applied only for new PRs or current rules must be ignored (i can provide a list).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions