The CheckMarx security scanner gives error on Stored XSS vulnerability
I have a JavaScript method in my Visualforce page, which adds CSS when the page loads.
The code adds CSS to radio buttons so they look similar to Lightning radio buttons. It's giving an XSS error when submitted for CheckMarx security.
var Row = document.getElementsByClassName("convertToLSD");
for (var k = 0; k < Row.length; k++) {
    var colTds = Row[k].getElementsByTagName("td");
    for (var i = 0; i < colTds.length; i++) {
        var inrHtml = colTds[i].innerHTML;
        var chkId = inrHtml.substring(inrHtml.indexOf("id=") + 4, inrHtml.indexOf("\"", inrHtml.indexOf("id=") + 4));
        var chkBx = inrHtml.substring(inrHtml.indexOf("<input"), inrHtml.indexOf(">") + 1);
        var chkLable = colTds[i].getElementsByTagName("label")[0].textContent;
        var typeOfInput = colTds[i].getElementsByTagName("input")[0].getAttribute("type");
        var newChkBox = '<label class="slds-' + typeOfInput + '" for="' + chkId + '">' + chkBx +
            '<span class="slds-' + typeOfInput + '--faux"></span>' +
            '<span class="slds-form-element__label">' + chkLable + '</span>' +
            '</label>';
        colTds[i].innerHTML = newChkBox;
    }
}
I tried in my Apex code with select options:
options.add(new selectOption(u.Id,u.Name.escapehtml4()));
How can I remove the vulnerability from my JavaScript so the code is passed by CheckMarx?
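An added example, not part of the original post: the loop above reads the label with `textContent`, which decodes any entities the server escaped, and then concatenates that text into a string assigned to `innerHTML`, so it is parsed as markup again. The sketch below builds the same SLDS wrapper with DOM nodes and `textContent` instead. The names `wrapInput`, `convertToSlds` and `ALLOWED_TYPES`, and the restriction to radio and checkbox inputs, are assumptions made for this example.

```javascript
// Input types that have matching slds-<type> classes (assumed allow-list).
var ALLOWED_TYPES = { radio: true, checkbox: true };

// Rebuild one <td> using DOM nodes only (hypothetical helper).
function wrapInput(doc, cell) {
  var input = cell.getElementsByTagName("input")[0];
  var oldLabel = cell.getElementsByTagName("label")[0];
  if (!input || !oldLabel) return false;

  var type = (input.getAttribute("type") || "").toLowerCase();
  if (!ALLOWED_TYPES[type]) return false; // no class names from unchecked data

  var text = oldLabel.textContent; // read before the cell is emptied

  var label = doc.createElement("label");
  label.className = "slds-" + type;
  label.setAttribute("for", input.id);

  var faux = doc.createElement("span");
  faux.className = "slds-" + type + "--faux";

  var caption = doc.createElement("span");
  caption.className = "slds-form-element__label";
  caption.textContent = text; // becomes a text node, never parsed as HTML

  // Empty the cell, then move the original input node into the new label.
  while (cell.firstChild) cell.removeChild(cell.firstChild);
  label.appendChild(input);
  label.appendChild(faux);
  label.appendChild(caption);
  cell.appendChild(label);
  return true;
}

// Same traversal as the original loop; returns how many cells were rebuilt.
function convertToSlds(doc) {
  var rows = doc.getElementsByClassName("convertToLSD");
  var converted = 0;
  for (var k = 0; k < rows.length; k++) {
    // Copy the live collection because cells are modified inside the loop.
    var cells = Array.prototype.slice.call(rows[k].getElementsByTagName("td"));
    for (var i = 0; i < cells.length; i++) {
      if (wrapInput(doc, cells[i])) converted++;
    }
  }
  return converted;
}

// Run on page load in a browser; skipped where no DOM exists.
if (typeof document !== "undefined") convertToSlds(document);
```

Because the original input node is moved rather than re-created from a string, its attributes and any event handlers attached to it are kept.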