You need to sign in to do that
Don't have an account?
miku1051
Cross-site Scripting (XSS) in security review.?
I am getting Cross-site Scripting (XSS) while scanning in force.com scanner.if i remove javascript there is no error..what to change in javascript code..please help its quite urgent...may be encode something...
Class
accid=ApexPages.currentPage().getParameters().get('accid'); public meetingCtlr1(ApexPages.StandardController controller) { conRecList=[Select id,name,email from contact where Accountid=:accid]; }
conRecList on VF page
I have used this in javascript on VF page <script> for(var i=0;i<{!conRecList.size};i++) var id='thePage:theform:thePB:conTable:'+i+':'+checkboxid; document.getElementById(id).checked=bool; </script>
braces aren't a issue..i missed it while copy pasting..
Can you have a look what i have done wrong...as conReclist.Size always returns an integer..how to encode it...
please help..!!!
{!JSENCODE(listSize)}
http://simplyforce.blogspot.in/2011/03/salesforce-applications-with-security.html
thanks for replying...but still its not working...
if i use for(var i=0;i<JSENCODE(listSize);i++)
code is saving with no errors but functionality is not working...can you suggest...
Hi Miku,
Please use this code. Hope this will work for you.
Please mark this as soluiont if it helps you.
KUDOS
Salesforce Developer, Salesforce Administrator