
XSS error in google maps javascript

Hello All,

I have a Visualforce page that displays Google Maps correctly for all accounts, but when I submitted it for the online security review, the report gave me errors on the bold lines (marked in the code below).


The error from report

Query Name - Stored_XSS
Severity - Critical
5. public List<Account> getlistacc() //displaylocationmap.cls
7. accounts=[SELECT id,BillingStreet,BillingCity,BillingPostalCode,BillingCountry,name From Account where
BillingStreet <>NULL and BillingPostalCode<>NULL];
10. return accounts;
79. arraddress[i]='!a.BillingStreet}!a.BillingCity}!a.BillingPostalCode}!a.BillingCountry}'; //



My code-----

<apex:page controller="DisplayLocationMap" showHeader="false" sidebar="false" standardStylesheets="false">
<apex:include pageName="BannerTemplate"/>
<html >

<script type="text/javascript" src=""></script>
<script type="text/javascript" src=""></script>
<script type="text/javascript">
// Page-level state shared by the map script and the per-account assignments.
// The four arrays are parallel: the same index in each refers to the same account.
var arraddress = []; // address string handed to the geocoder
var arrids = [];     // value appended to '/' in the marker click handler
var content = [];    // popup HTML assembled in addMarkers
var arrnames = [];   // label shown in bold italics in the popup
var i = 0;           // index used when the arrays are filled
var map, geocoder;   // assigned in initialize() and geocodeAddress()
// Creates the map inside the 'map-canvas' element and schedules addMarkers
// to run once, the first time the map fires 'idle'.
// NOTE(review): the lines that close the options object and this function
// are missing from this listing (apparently lost when the post was rendered).
function initialize() {
var mapDiv = document.getElementById('map-canvas');

// Assigns the global `map`, which geocodeAddress later uses for its markers.
map = new google.maps.Map(mapDiv, {
zoom: 5,
mapTypeId: google.maps.MapTypeId.ROADMAP
// One-shot listener: addMarkers is called only on the map's first 'idle' event.
google.maps.event.addListenerOnce(map, 'idle', addMarkers);

// Builds the popup HTML for every collected address and starts geocoding it.
// SECURITY: arraddress[i] is filled from Account billing fields (arrnames[i]
// presumably from the Account name; its assignment is not visible here), and both
// are concatenated into an HTML string that is later passed to the InfoWindow as
// its content. InfoWindow renders string content as HTML, so these values must be
// HTML-escaped at this point (or the popup built from DOM nodes using
// textContent); otherwise markup stored in an Account record is rendered in the
// viewer's browser.
function addMarkers() {
for (var i = 0; i < arraddress.length; i++) {
content[i] = '<b><i>'+arrnames[i]+' </i></b><br/>'+' '+arraddress[i];
// NOTE(review): geocodeAddress as shown returns no value, so latlng looks unused; confirm.
var latlng = geocodeAddress(arraddress[i],arrids[i],content[i]);
// Geocodes one address; on success it places a marker at the first result and
// attaches an info window plus mouseover/mouseout/click listeners, otherwise it
// alerts the geocoder status.
// NOTE(review): several lines are truncated in this listing (handler bodies and
// closing braces), so the handlers' exact behaviour cannot be read from here.
function geocodeAddress(addds,id,content)
geocoder = new google.maps.Geocoder();
geocoder.geocode( { 'address': addds}, function(results, status) {
if (status == google.maps.GeocoderStatus.OK) {
var marker = new google.maps.Marker({
map: map,
position: results[0].geometry.location
// SECURITY: `content` is the HTML string assembled in addMarkers from Account
// data. The InfoWindow renders it as HTML, so it must already be escaped by the
// time it reaches this call.
var infowindow = new google.maps.InfoWindow({
content: content
google.maps.event.addListener(marker, 'mouseover', function() {,this);
google.maps.event.addListener(marker, 'mouseout', function() {
// NOTE(review): the click handler builds a path from '/' + id; what it does with
// that path is cut off in this listing.
google.maps.event.addListener(marker, 'click', function() {'/'+id);
else {
alert("Geocode was not successful for the following reason: " + status);

// Run initialize when the window's load event fires.
google.maps.event.addDomListener(window, 'load', initialize);
#map-canvas {
font-family: Arial;
line-height:normal !important;

<div id="map-canvas"></div>
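<apex:repeat value="{!listacc}" var="a">
// Flagged by the security scanner as Stored_XSS (the lines the post marks as bold).
// Each merge field is written inside a double-quoted JavaScript string literal, so
// it is wrapped in JSENCODE(): a quote, backslash or line break stored in an
// Account's billing fields can then no longer end the literal and alter the script.
// JSENCODE covers the JavaScript-string context only; the popup HTML built from
// these values still needs HTML-escaping where it is assembled.
arraddress[i]="{!JSENCODE(a.BillingStreet)},{!JSENCODE(a.BillingCity)},{!JSENCODE(a.BillingPostalCode)}{!JSENCODE(a.BillingCountry)}";
// NOTE(review): the expression inside {! } is missing from this listing; whatever
// field it names should be wrapped in JSENCODE() in the same way.
arrids[i]="{!}";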




// Holds the most recent query result; reassigned on every getlistacc() call.
public List<Account> accounts=new List<Account>();

// Getter behind the page's {!listacc} binding: returns every Account that has
// both a billing street and a billing postal code.
// SECURITY: the name and billing fields are returned exactly as stored. Nothing is
// encoded here, so the Visualforce page must encode them for each context it
// writes them into (JavaScript string, HTML).
// NOTE(review): the query has no LIMIT, and the class declaration and braces are
// not visible in this listing; confirm the controller is declared `with sharing`.
public List<Account> getlistacc()
       accounts=[SELECT id,BillingStreet,BillingCity,BillingPostalCode,BillingCountry,name From Account where BillingStreet <>NULL and BillingPostalCode<>NULL];
       return accounts;