Anuj Joshi 42
Does outputText prevent XSS?
Hi all,
I am writing escape=false in my VF page, like this:
<apex:outputText escape="false" value="{!cr.Message__c}" rendered="{!(cr.Message__c)!= ''}"/><br/><br/>
Message__c is a custom field in the object, which is of type Rich Text Area. This issue is coming up in my Checkmarx report. In the document I have checked, using a Rich Text Area eliminates the XSS vulnerability. How do I solve this? I have tried all possible solutions like JSENCODE, HTMLENCODE, etc.