Pratik Raut 14
Client Potential XSS error - Checkmarx
Hi All,
In the code scanning, I am facing the Client Potential XSS issue.
Scan Result:
Can anyone please provide me any solution on this?
Thanks,
Pratik
1. Wrap your variable with HTMLENCODE and JSENCODE to encode it, so it is hard for an attacker to inject a script or insert an iframe, like the example below.
2. I see you used \' ? in the code. That is what you need to escape.
Check this. This will give you all the possible XSS attacks and help you to use
https://developer.salesforce.com/docs/atlas.en-us.secure_coding_guide.meta/secure_coding_guide/secure_coding_cross_site_scripting.htm
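What the nested encoding suggested in the reply above achieves, as an added example that is not part of the original thread: the value is HTML-encoded first, then encoded again for the JavaScript string literal it is emitted into. `htmlEncode`, `jsStringEncode`, `renderScriptLine` and the sample value are constructed stand-ins written for this illustration, not Salesforce's HTMLENCODE/JSENCODE implementations.

```javascript
// Added illustration: JavaScript stand-ins for the two encoding steps.
// These are NOT Salesforce's HTMLENCODE/JSENCODE implementations.

// Step 1: encode for an HTML text or attribute context.
function htmlEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Step 2: encode for a quoted JavaScript string literal.
// Every character that could end the literal or the enclosing <script>
// element is replaced by its \uXXXX escape.
function jsStringEncode(value) {
  return String(value).replace(/[\\'"<>&\u2028\u2029\r\n\/]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// The line a page template would emit inside a <script> block when the
// value is wrapped as jsStringEncode(htmlEncode(value)).
function renderScriptLine(value) {
  return "var label = '" + jsStringEncode(htmlEncode(value)) + "';";
}

// Same template without any encoding, shown for comparison only.
function renderScriptLineUnencoded(value) {
  return "var label = '" + value + "';";
}

// Constructed sample: a quote, a closing script tag and markup.
const sample = "O'Brien </script><b>bold</b>";

// Unencoded: the quote ends the literal and </script> ends the block.
console.log(renderScriptLineUnencoded(sample));
// Encoded: one intact string literal holding HTML-safe text.
console.log(renderScriptLine(sample));
```

When the emitted line runs, `label` holds the HTML-encoded text, so writing it into the page as markup renders the original characters as text instead of as tags.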
If I wrap the o.value variable with JSENCODE(HTMLENCODE()), i.e. {!JSENCODE(HTMLENCODE(o[0].value))}, then it gives an error:
Unknown property 'Subcontract__cStandardController.o'
Can you please suggest anything on this?