Jayaramu T 9

Does anyone have any idea how to avoid "unescaped attribute value XSS" in the following code?

onclick="javascript:if ('{!selectedAccount}' != 'NEW' && '{!selectedAccount}' != 'NONE' ) {var newWindow = window.open('/{!selectedAccount}/p', 'accountview', 'top=40, left=40,scrollbars=yes, height=450, width=800');newWindow.focus();}"
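
One way to remove the finding, as an added example that is not part of the original post: the merge field is taken out of the `onclick` attribute, emitted once into a script block through Visualforce's `JSENCODE()`, and checked against the Salesforce Id format before it is used as a URL path. It assumes `selectedAccount` is a controller property holding an account Id or the literals `NEW`/`NONE`; the `<a>` element and the function name `openAccountView` are hypothetical.

```html
<!-- Added example; selectedAccount is assumed to be a controller property. -->
<script>
  // Hypothetical helper: the only place the merge field is emitted.
  function openAccountView() {
    // JSENCODE escapes quotes, backslashes and line breaks so the value
    // cannot terminate the JavaScript string literal it is written into.
    var selected = '{!JSENCODE(selectedAccount)}';

    // Same sentinel check as the original handler.
    if (selected === 'NEW' || selected === 'NONE') {
      return;
    }

    // Allowlist: Salesforce record Ids are 15 or 18 alphanumeric characters.
    // Anything else is never used to build the URL.
    if (!/^[a-zA-Z0-9]{15}([a-zA-Z0-9]{3})?$/.test(selected)) {
      return;
    }

    var newWindow = window.open(
      '/' + encodeURIComponent(selected) + '/p',
      'accountview',
      'top=40,left=40,scrollbars=yes,height=450,width=800'
    );

    // window.open returns null when a popup blocker intervenes.
    if (newWindow) {
      newWindow.focus();
    }
  }
</script>

<!-- The attribute now holds a constant string with no merge fields in it. -->
<a href="#" onclick="openAccountView(); return false;">View account</a>
```

With no merge field left inside the attribute value, there is nothing in `onclick` for the scanner to flag, and the one remaining merge field sits in a JavaScript string context with the matching encoder.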