function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

s-controlls and security

Last days i test the Apex platform, testing some s-controlls and write some code. while testing some mashups i search for some information about security. Does anyone have a link?

Does s-controlls runs under adminlevel?
Does salesforce validate parameter automaticly?
What about XSS? If we use scripts from third party companys we would like to use a application firewall.

I have several questions but no paper give me some answers. I hope anyone can help me.

best regards, Jan Dreger

p.s. sorry for my bad english.

Scontrols are almost entirely a client side (in browser) technology as afr as dynamic content so the normal security concepts of any HTML/CSS/javascript/ajax/etc based functionality apply. The only server side interaction is with merge fields and formulas (the parts of your scontrol inside {!}'s) which are read only and cannot change data or otherwise impact the system.