Problem in Javascript Code
Hi,
I am going to launch an app on AppExchange which contains JavaScript code, and I want to protect it from XSS attacks. In my code I am getting a list of Strings from an Apex class and inserting it into a JavaScript array, and I am also hardcoding some values like 'My Local' etc. Some lines of this script are given below.
<script type="text/javascript">
STATE = new Array();
CODE = new Array();
STATE[0] = "ALABAMA";
CODE[0] = "AL";
carray = new Array();
Keywordarray = new Array();
carray.push('My Local ');
var ci = geoip_city() + ', ' + geoip_region() + ' ';
carray.push(ci);
carray.push('All US ');
</script>
<apex:repeat value="{!KeywordList}" var="req">
<script type="text/javascript">
Keywordarray.push('{!req}');
</script>
</apex:repeat>
So what should I do to protect it from XSS attacks?
I have gone through some links:
https://www.owasp.org/index.php/XSS
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
http://wiki.developerforce.com/images/9/9b/XSS_Protection_S-controls.pdf
but could not understand them. Please help.
Thanks,
Soni
The following Salesforce docs might help you:
1) http://www.salesforce.com/us/developer/docs/apexcode/Content/pages_security_tips_xss.htm
2) http://wiki.developerforce.com/page/Secure_Coding_Cross_Site_Scripting
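An added example, not part of either post above: it shows why a value merged unencoded into `Keywordarray.push('{!req}');` can stop being data, and what JavaScript-string encoding changes. In Visualforce the built-in JSENCODE function, written as `{!JSENCODE(req)}`, is the usual way to apply this encoding to a merge field inside a script string; `jsStringEncode`, `renderPush` and `runRendered` below are hypothetical stand-ins written for this illustration, and the keyword values are constructed.

```javascript
// Illustrative JavaScript-string encoder (an assumption for this example, not
// Salesforce's implementation): every character outside a small allowlist
// becomes a \uXXXX escape, so the value cannot close the quoted string or
// spell "</script>" in the page source.
function jsStringEncode(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._]/g, function (ch) {
    return "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0");
  });
}

// Hypothetical stand-in for the server merging {!req} into the script text.
function renderPush(value, encode) {
  const merged = encode ? jsStringEncode(value) : String(value);
  return "Keywordarray.push('" + merged + "');";
}

// Run the rendered statement against a fresh array and report what happened.
function runRendered(value, encode) {
  const Keywordarray = [];
  try {
    new Function("Keywordarray", renderPush(value, encode))(Keywordarray);
    return { error: null, items: Keywordarray };
  } catch (e) {
    return { error: e.name, items: Keywordarray };
  }
}

// Constructed keyword values, as they might come back from KeywordList.
const samples = [
  "O'Reilly",                          // apostrophe ends the literal early
  "x'); Keywordarray.push('injected",  // extra statement instead of data
  "</script>",                         // would close the script block in HTML
];

for (const value of samples) {
  console.log(JSON.stringify(value));
  console.log("  raw    :", renderPush(value, false), runRendered(value, false));
  console.log("  encoded:", renderPush(value, true), runRendered(value, true));
}
```

The simulation only evaluates the JavaScript, so the raw `</script>` value runs cleanly here; in a real page the HTML parser would end the script element at that text, which is why the encoded form keeps `<` out of the source entirely.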