
app publish - XSS Apex Force com Critical Security Risk


I am facing a problem when publishing apps: an XSS (cross-site scripting) error. Apex Force com Critical Security Risk


Query Name - Stored_XSS


mytask = [select id, Name, Project__r.Project_Color__c, OwnerID ,CreatedByID,Owner.Name,CreatedBy.Name from
Project_Task__c where List__c = 'x'];


How to solve this problem?



Stored XSS means that you're querying data from the database, and then exposing this data in an unescaped element on your page. There's nothing strictly wrong with this query, but I would suspect that either Name or Project__r.Project_Color__r is being leaked without escaping. We need to see the entire security risk chain, not just the query.
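The kind of chain the answer describes, from the query to the page output, sketched as an added example (not the poster's code). The controller name, `TaskRow`, `safeColor`, the fallback color and the assumption that `Project_Color__c` holds a CSS hex color are all hypothetical; the Visualforce lines in the header comment show where queried values reach the markup.

```apex
// Added example: hypothetical controller, not code from the original post.
//
// Visualforce output of the rows built below (var="r"):
//   Flagged: <apex:outputText value="{!r.name}" escape="false"/>   raw stored value as HTML
//   Flagged: <span style="background:{!r.rawColor}">               stored value inside CSS
//   Safe:    <apex:outputText value="{!r.name}"/>                  escape defaults to true
//   Safe:    <span style="background:{!r.color}">{!HTMLENCODE(r.name)}</span>
//   Safe:    var n = '{!JSENCODE(r.name)}';                        inside a <script> block
public with sharing class ProjectTaskListController {

    // Assumption: Project_Color__c is meant to hold a hex color such as #1a2b3c.
    private static final Pattern HEX_COLOR =
        Pattern.compile('^#[0-9a-fA-F]{3}([0-9a-fA-F]{3})?$');

    public class TaskRow {
        public String name      { get; set; } // stored text; encode at output time
        public String ownerName { get; set; }
        public String color     { get; set; } // allowlisted, safe in a style attribute
    }

    public List<TaskRow> rows { get; private set; }

    public ProjectTaskListController() {
        rows = new List<TaskRow>();
        for (Project_Task__c t : [SELECT Id, Name, Project__r.Project_Color__c, Owner.Name
                                  FROM Project_Task__c
                                  WHERE List__c = 'x']) {
            TaskRow r = new TaskRow();
            r.name      = t.Name;
            r.ownerName = t.Owner.Name;
            r.color     = safeColor(t.Project__r == null
                                    ? null : t.Project__r.Project_Color__c);
            rows.add(r);
        }
    }

    // HTML encoding does not make a value safe inside CSS, so the color is
    // validated against an allowlist pattern and replaced with a default otherwise.
    @TestVisible
    private static String safeColor(String raw) {
        if (raw == null) {
            return '#cccccc';
        }
        String candidate = raw.trim();
        return HEX_COLOR.matcher(candidate).matches() ? candidate : '#cccccc';
    }
}
```

The scanner traces each selected field from the SOQL result to where it is rendered, so every output point for `Name`, `Owner.Name` and the color needs the encoding that matches its context.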