manhnt.bkit

"inputText_Ignoring_FLS" in force security scanner report

Hello everyone,

I scanned my code, and I received a Serious issue:

e.g.: <apex:inputText value="{!ld.Name}" />

I have applied FLS, as the guide here describes: http://wiki.developerforce.com/page/Enforcing_CRUD_and_FLS

e.g.: <apex:inputText value="{!ld.Name}"  rendered="{!$ObjectType.Lead.fields.Name.Updateable}"/>

but it did not work.

pbattisson
Hey

inputText doesn't apply FLS, you should use inputField instead. In the guide you reference there is a section detailing this.

VisualForce will also remove fields for which users do not have FLS visibility when rendering edit pages. Additionally, all apex:inputField tags will be rendered as read-only elements for fields that are set to read-only through FLS. Please note that using other input tags such as apex:inputText or apex:inputTextArea with SObject fields indicates to VisualForce that the fields should not be treated as SObject fields and prevents the platform from automatically enforcing FLS.
manhnt.bkit
Thanks Paul!
How about <apex:inputHidden>? inputField can't replace inputHidden.
pbattisson
In this situation use the rendered tag along with the isAccessible attribute. See the "Manual CRUD and FLS Enforcement in VisualForce" section of the same guide you reference above.

Paul
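
The patterns discussed in this thread on one page, as an added example that is not part of the original posts or of the guide they reference. The standard Lead controller, the LeadSource field and the page layout are assumptions chosen for illustration.

```xml
<apex:page standardController="Lead">
  <!-- Assumed for illustration: standard Lead controller, fields Name and LeadSource -->
  <apex:form>
    <apex:pageBlock title="Edit Lead">
      <apex:pageBlockButtons>
        <apex:commandButton action="{!save}" value="Save" />
      </apex:pageBlockButtons>

      <apex:pageBlockSection columns="1">
        <!-- The scanner finding in the question was raised on an apex:inputText
             bound to Lead.Name. That tag tells Visualforce to treat the value as
             plain text, so FLS is not enforced automatically. -->

        <!-- Replacement from the first answer: apex:inputField is removed when
             the user has no FLS visibility on the field and is rendered
             read-only when FLS makes the field read-only. -->
        <apex:inputField value="{!Lead.Name}" />
      </apex:pageBlockSection>

      <!-- apex:inputHidden has no inputField equivalent, so the FLS check is
           manual: the rendered attribute reads the describe information
           through $ObjectType. A hidden input both exposes the current value
           in the page source and posts it back, so this example requires
           read access (Accessible) and write access (Updateable). -->
      <apex:inputHidden value="{!Lead.LeadSource}"
          rendered="{!AND($ObjectType.Lead.fields.LeadSource.Accessible,
                          $ObjectType.Lead.fields.LeadSource.Updateable)}" />
    </apex:pageBlock>
  </apex:form>
</apex:page>
```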