function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Abhijit ShrikhandeAbhijit Shrikhande 

Issue with Hands-on Challenge - Cross Scripting Vectors

I have identified the following vectors, but I am still blocked from completing the challenge. What am I missing?
  
<apex:page controller="Built_In_XSS_Protections_Challenge" sidebar="false" tabStyle="Built_In_XSS_Protections_Challenge__tab">
<apex:sectionHeader title="Built-In XSS Protections Challenge" />
<apex:form >
    <apex:pageBlock >
        <c:Classic_Error />
        <apex:pageMessages />      
        <apex:pageBlockSection title="Demo" columns="1" id="tableBlock">          
            
            <apex:outputText value="{!sampleMergeField1}"/>
            <!-- Line 9 is vulnerable to XSS: NO -->


            <apex:outputText value="{!sampleMergeField2}" escape="false"/>
            <!-- Line 13 is vulnerable to XSS: YES -->


            <apex:outputText >
                {!sampleMergeField3}
            </apex:outputText>
            <!-- Line 18 is vulnerable to XSS: YES / NO -->
       
       
            <style>
                .foo {
                    color: #{!sampleMergeField4};
                }
            </style>
            <!-- Line 25 is vulnerable to XSS: YES -->
             
            
            {!sampleMergeField5}
            <!-- Line 31 is vulnerable to XSS: NO -->
            
            
            <script>
                var x = '{!sampleMergeField6}';
            </script>
            <!-- Line 36 is vulnerable to XSS: YES -->
            
            
            <apex:outputLabel value="{!sampleMergeField7}" escape="false"/>
            <!-- Line 41 is vulnerable to XSS: YES -->
            
       
        </apex:pageBlockSection>
        <apex:pageBlockSection title="Code links" columns="1">
            <apex:outputPanel >
                <ul>
                    <li><c:codeLink type="Visualforce" namespace="security_thail" name="Built_In_XSS_Protections_Challenge" description="Visualforce Page"/></li>            
                    <li><c:codeLink type="Apex" namespace="security_thail" name="Built_In_XSS_Protections_Challenge" description="Apex Controller"/></li>
                </ul>
            </apex:outputPanel>        
        </apex:pageBlockSection>        
    </apex:pageBlock>          
</apex:form>              
</apex:page>

 
Sangeeth R 5Sangeeth R 5
try this code, it worked for me. 
<apex:page controller="Built_In_XSS_Protections_Challenge" sidebar="false" tabStyle="Built_In_XSS_Protections_Challenge__tab">
<apex:sectionHeader title="Built-In XSS Protections Challenge" />
<apex:form >
    <apex:pageBlock >
        <c:Classic_Error />
        <apex:pageMessages />      
        <apex:pageBlockSection title="Demo" columns="1" id="tableBlock">          
            
            <apex:outputText value="{!sampleMergeField1}"/>
            <!-- sampleMergeField1 is vulnerable to XSS: NO -->


            <apex:outputText value="{!sampleMergeField2}" escape="false"/>
            <!-- sampleMergeField2 is vulnerable to XSS: YES -->


            <apex:outputText >
                {!sampleMergeField3}
            </apex:outputText>
            <!-- sampleMergeField3 is vulnerable to XSS: NO -->
       
       
            <style>
                .foo {
                    color: #{!sampleMergeField4};
                }
            </style>
            <!-- sampleMergeField4 is vulnerable to XSS: YES -->
             
            
            {!sampleMergeField5}
            <!-- sampleMergeField5 is vulnerable to XSS: NO -->
            
            
            <script>
                var x = '{!sampleMergeField6}';
            </script>
            <!-- sampleMergeField6 is vulnerable to XSS: YES -->
            
            
            <apex:outputLabel value="{!sampleMergeField7}" escape="false"/>
            <!-- sampleMergeField7 is vulnerable to XSS: YES -->
            
       
        </apex:pageBlockSection>
        <apex:pageBlockSection title="Code links" columns="1">
            <apex:outputPanel >
                <ul>
                    <li><c:codeLink type="Visualforce" namespace="security_thail" name="Built_In_XSS_Protections_Challenge" description="Visualforce Page"/></li>            
                    <li><c:codeLink type="Apex" namespace="security_thail" name="Built_In_XSS_Protections_Challenge" description="Apex Controller"/></li>
                </ul>
            </apex:outputPanel>        
        </apex:pageBlockSection>        
    </apex:pageBlock>          
</apex:form>              
</apex:page>
Devender Baghel 8Devender Baghel 8
This is about --> Built_In_XSS_Protections_Challenge
I have specied below only the section where Yes/No is required,

<apex:outputText value="{!sampleMergeField1}"/>
<!-- sampleMergeField1 is vulnerable to XSS: NO -->

<apex:outputText value="{!sampleMergeField2}" escape="false"/>
<!-- sampleMergeField2 is vulnerable to XSS: YES -->

<apex:outputText > {!sampleMergeField3} </apex:outputText>
<!-- sampleMergeField3 is vulnerable to XSS: NO -->

<style>
.foo { color: #{!sampleMergeField4}; }
</style>
<!-- sampleMergeField4 is vulnerable to XSS: YES -->

{!sampleMergeField5}
<!-- sampleMergeField5 is vulnerable to XSS: YES -->

<script> var x = '{!sampleMergeField6}';
</script> <!-- sampleMergeField6 is vulnerable to XSS: YES -->

<apex:outputLabel value="{!sampleMergeField7}" escape="false"/>
<!-- sampleMergeField7 is vulnerable to XSS: YES -->

This should help you in getting go thru challenge.

Regards,
Dax