Today when I rescanned, Veracode reopened a bunch of lines with things like...
$(document).off('click.applicationmenu open-applicationmenu close-applicationmenu keydown.applicationmenu');
$(document).on('open-applicationmenu', () => {...
$(document).trigger($.Event('keydown', { keyCode: 27, which: 27 }));
Why is $(document) considered an "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" flaw? And also, why suddenly today and never before on any other scans?
This seems like it would be fine to me, or how to fix/mitigate if it's not?
Turns out this was something they added to and removed from the scan results. It does not seem to be reported anymore.