function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Stored XSS error in Javascript variable:

I am getting Stored XSS error while security scan in the Javascript variable in my VF page.
Below is the code:
VF Page:
<apex:page showHeader="false" sidebar="false" standardController="Opportunity" extensions="MyExtension">
        var Boolean= "{!Flag}"; //Stored XSS error
        var prodURL;  
        prodURL= '{!URL}'; //Stored XSS error

public class myExtension{
    public Boolean Flag {
        private set;
    public PageReference URL {
        get {
          if(URL == null )
            URL = Page.myVFpage;
            return URL;
        private set;

I tried using JSENCODE. But its not accepting because it is a boolean variable and URL. Please provide solution for this. 
In order to be safe and sure that the value provided by the controller is bollean (and valid) you need to use this snippet:
var mybool = {!IF(bool_data, "true", "false")};  //now we are sure that mybool is a boolean

And for the other type of data like Integer, JSON, float, etc. use following examples in your code:
var myint = parseInt("{!JSENCODE(int_data)}"); //now we are sure that x is an int
var myfloat = parseFloat("{!JSENCODE(float_data)}");  //now we are sure that y is a float
var myJSON = JSON.parse("{!JSENCODE(stringified_value)}"); //when transmitting stringified JSON