function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Nochum Klein 15Nochum Klein 15 

Trailhead Module: Identify CRUD and FLS Violations in Visualforce and Apex

This no longer works as described in the Trailhead.  Selecting "User with Limited Access to Treasures" on the CRUD & FLS Visualforce Demo tab yields an "insufficient access" error with no data returned.
SandhyaSandhya (Salesforce Developers) 
Hi,

I have tried and got same error.I would suggest you provide feedback from feedback link on the same page which i did.

Best Regards,
Sandhya
Brian Knezek KnezekBrian Knezek Knezek
I'm encountering the same problem. Already submitted feedback.
ArleneArlene
In Setup, in the Login Access Policies, enable the Administrators Can Log in as Any User.  This will allow the demo to work, but I'm unsure whether you want to leave it on for the rest of the module.
Jess BurghJess Burgh
Seem to be stuck on this oneUser-added image

Hey all. Seem to be stuck on this one. I pasted an image of the code I modified. Plus when I went to check the challenge, I got the error message. What am I doing wrong? Thanks!! 
Heather Vaughn 17Heather Vaughn 17
Try substituting the actual merge field value instead of Field 1 and repeating the comment tag above the place where the <apex:OutputText> value="{!p.theMergeField} writes the merge field value (not just to the right of the end of the tag. Finally worked for me.
Dev BoorlaDev Boorla
@Arlene - Thank you. Your response worked!
Puneet_MishraPuneet_Mishra
Thank you @Arlene
Nilesh Patil 57Nilesh Patil 57
@Arlene - Thank you. Your response worked!
Sarah J DSarah J D
Jess! Same issue facing! Kindly share the code if you've cleared the challenge
Volker SchwarzVolker Schwarz
Pay attention @Jess and @Sarah: There are 3 comments to check. It will work with the correct answers. I also missed one of the comments before
Fabian Manzano 6Fabian Manzano 6
In case this helps, you have to replace field 1 with the actual merge field name
so instead of using
<!-- Field 1 is vulnerable NO -->
replace to:
<!-- chestContents is vulnerable YES -->
User-added image
Deepika Patel 8Deepika Patel 8
HI,
Below worked for me

<apex:image id="theImage" value="{!$Resource.treasure_chest}"/>
<br/><br/>
<apex:commandButton value="Open Chest" action="{!getRandomTreasure}" rendered="{!ISBLANK(chestContents)}"/> <apex:OutputText rendered="{!NOT(ISBLANK(chestContents))}" value="Congrats, you've found {!chestContents}!"/> <!-- chestContents is vulnerable YES -->
</apex:form>
</apex:pageBlockSection>
<br/>
<h3>List of Potential Prizes!</h3>
<apex:pageBlockTable value="{!treasures}" var="p"> <apex:column headervalue="Name"> <apex:OutputText value="{!p.Name}" /> <!-- p.Name is vulnerable NO -->
</apex:column> <apex:column headervalue="Description"> <apex:OutputText value="{!p.Description__c}" /> <!-- p.Description__c is vulnerable NO-->
</apex:column>
</apex:pageBlockTable>
venkata mani tejavenkata mani teja
iReplace ur  Vf code . success fully done my challenge
<apex:page controller="CRUD_FLS_Challenge" tabStyle="CRUD_FLS_Challenge__tab">
<apex:sectionHeader title="CRUD & FLS Challenge"/>

    <apex:pageBlock >
        <c:Classic_Error />
        <apex:pageBlockSection title="Demo" columns="1" id="tableBlock">
        <c:LoginAs string_url="/apex/CRUD_FLS_Challenge" array_permset="{!PermSets}"/> 
            <apex:pageBlockSection >
                <apex:form >
                    <h1>Are you feeling lucky? Open the treasure chest to claim your prize!</h1><br/><br/>
                
              <apex:image id="theImage" value="{!$Resource.treasure_chest}"/>
<br/><br/>
<apex:commandButton value="Open Chest" action="{!getRandomTreasure}" rendered="{!ISBLANK(chestContents)}"/> <apex:OutputText rendered="{!NOT(ISBLANK(chestContents))}" value="Congrats, you've found {!chestContents}!"/> <!-- chestContents is vulnerable YES -->
</apex:form>
</apex:pageBlockSection>
<br/>
<h3>List of Potential Prizes!</h3>
<apex:pageBlockTable value="{!treasures}" var="p"> <apex:column headervalue="Name"> <apex:OutputText value="{!p.Name}" /> <!-- p.Name is vulnerable NO -->
</apex:column> <apex:column headervalue="Description"> <apex:OutputText value="{!p.Description__c}" /> <!-- p.Description__c is vulnerable NO-->
</apex:column>
</apex:pageBlockTable>

            
        </apex:pageBlockSection>
        <apex:pageBlockSection title="Code links" columns="1">
            <apex:outputPanel >
                <ul>
                    <li><c:codeLink type="Visualforce" namespace="security_thail" name="CRUD_FLS_Challenge" description="Visualforce Page"/></li>
                    <li><c:codeLink type="Apex" namespace="security_thail" name="CRUD_FLS_Challenge" description="Apex Controller"/></li>              
                </ul>
            </apex:outputPanel>        
        </apex:pageBlockSection>        
    </apex:pageBlock>

</apex:page>
pentayah yuvrajpentayah yuvraj
The following works:
insert these comments in order on lines 14, 21, 24:

<!-- chestContents is vulnerable YES -->
<!-- p.Name is vulnerable NO -->
<!-- p.Description__c is vulnerable NO -->