function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Bethann GonzalezBethann Gonzalez 

Critical Update-Generate correctly escaped markup?

I have a critical update-generate correctly escaped markup. However I am not sure if my organization contain pages or components that depend on this incorrect processing.  How would I know which pages to be fixed? I am not aware of any issues? Should I activate this update?

Prior to the Winter ’13 release, text in some Visualforce pages and components might have been generated incorrectly. This markup could contain fragments that should have been escaped (for example, the "<" character generated as "&lt;") but were not. These fragments might be interpreted by the browser as markup rather than as text in the page. This problem has been corrected for all pages with API version 26.0 or later.
Your organization might contain pages or components that depend on this incorrect processing. These pages need to be fixed. To fix them, you will generally need to use <apex:outputText> with the attribute escape="false" to cause the text to be generated unescaped, as it was previously.
If your page contains either:
·         <apex:outputText value="{!something}"/>, or
·         A free-standing expression {!something}
And you’re expecting the string returned by the controller for {!something} to be treated as markup, rather than displayed in the page, then this page needs to be changed.
·         For the first case, you need simply set the escape attribute to false, <apex:outputText value="{!something}" escape="false"/>.
·         For the second case, you need to modify the expression to be output using <apex:outputText> as with the first case:
<apex:outputText value="{!something}" escape="false"/>
When you have fixed any affected pages, you should activate this Critical Update.


This is showing up for several of our customers who were updated to Winter '13.  I'm concerned that this is called a Critcal Update and there is no other communication being sent out.    So, it looks like we are gonig to have to go VF Page by VF Page to find the code, fix it and then activate the update?  Anyone from SFDC that can speak more to this?


Not only that, but the notification of the critical update only showed up when I clicked into Apex Classes. I'm sure there are many out there that do not even know this update exists.


I have two questions to ask


a) Insted of adding escape="false" for outputText tag on each page, if we change the API version to 26. Will it help??

b) Do we need to make changes to only custon pages before we activate the critial update. Or we have to change all the pages(standard and custom) ?



I would also like to know how/where to check if I need to make updates before it's activated.  I reached out to SF support and didn't get much help - just a link to the general info on Critical Updates.


Salesforce is not really addressing this.  When I spoke with support and my rep. they said to post on the community page for answers on how to deal with this.