Avoid Cross-site Scripting (XSS) using <apex:outputtext escape=false> How to avoid Cross-site Scripting (XSS) using <apex:outputText value="!wrk.html_description__c}" escape="false"/>

HI Inthe above line am getting error when ever i sumit to secirity review report but that funcationality is fine but i checking in security review report am getting this error

August 19, 2014
·
Answer
·
Like
0
·
Follow
1

bob_buzzard
The functionality may be fine, but that doesn't change the fact that you've introduced a security risk. Unescaped text can contain HTML and JavaScript that gets executed by the browser. You can read more about this at:

https://www.salesforce.com/us/developer/docs/pages/Content/pages_security_tips_scontrols.htm

August 21, 2014
·
Like
0
·
Dislike
0

You need to sign in to do that.

Need an account? Sign Up

Have an account? Sign In

Dismiss

Browse by Topic

Welcome to Support!

Show

sorted by

Avoid Cross-site Scripting (XSS) using <apex:outputtext escape=false> How to avoid Cross-site Scripting (XSS) using <apex:outputText value="!wrk.html_description__c}" escape="false"/>

You need to sign in to do that.