
How to resolve the below XSS issues:
Object: select in file: classes\OpportunitySync.cls
L 412: tempOpp = [select Id, AccountId, Name, Description, StageName from Opportunity where Id =: opportunityId];
Object: tempopp in file: classes\OpportunitySync.cls
L 412: tempOpp = [select Id, AccountId, Name, Description, StageName from Opportunity where Id =: opportunityId];
Object: opportunitysync in file: pages\Opportunity_Sync.page
L 77: <apex:outputText value="{!syncDS.syncError}" escape="false"/>
Object: opportunitysync____46 in file: pages\Opportunity_Sync.page
L 77: <apex:outputText value="{!syncDS.syncError}" escape="false"/>
Object: opportunitysync____46 in file: pages\Opportunity_Sync.page
L 77: <apex:outputText value="{!syncDS.syncError}" escape="false"/>
Object: getsyncdslist45 in file: pages\Opportunity_Sync.page
L 77: <apex:outputText value="{!syncDS.syncError}" escape="false"/>
Object: getsyncdslist45 in file: pages\Opportunity_Sync.page
L 77: <apex:outputText value="{!syncDS.syncError}" escape="false"/>
Object: syncdslist in file: classes\OpportunitySync.cls
L 483: return syncDSList;
The first two made sense and I should change that to a dynamic query. However, I am not sure what fix is expected for the rest of them. Can anyone make a point fix comment to figure out at least any of them (except the initial two)?
For the first two, use the escapeSingleQuotes method, and for the rest of them use HTMLENCODE in the value property.
This will help you to avoid XSS issues.
Thanks,
Naval
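
An added example, not part of the original thread, for the `escape="false"` findings on line 77 of the page: when the error text has to keep some markup, each untrusted piece can be encoded in the controller before it is concatenated. The class, method and parameter names are hypothetical, and so is the assumption that `syncError` combines an Opportunity name with a list of error messages.

```apex
// Added example. Only the syncError name comes from the page; everything else is hypothetical.
public with sharing class SyncErrorFormatter {

    // Wrapper mirroring the page binding {!syncDS.syncError} (shape assumed).
    public class SyncDS {
        public String syncError { get; private set; }
        public SyncDS(String syncError) {
            this.syncError = syncError;
        }
    }

    // Builds the HTML rendered by <apex:outputText ... escape="false"/>.
    // The literal <b> and <br/> tags are the only markup. Every value that
    // comes from a record or an exception is HTML-encoded first, so a name
    // such as '<script>...' is displayed as text instead of being executed.
    public static SyncDS build(Opportunity opp, List<String> messages) {
        String name = (opp == null || opp.Name == null) ? '' : opp.Name;

        List<String> safeMessages = new List<String>();
        if (messages != null) {
            for (String m : messages) {
                if (m != null) {
                    safeMessages.add(m.escapeHtml4());
                }
            }
        }

        String html = '<b>' + name.escapeHtml4() + '</b><br/>'
            + String.join(safeMessages, '<br/>');
        return new SyncDS(html);
    }
}

// Page side, when syncError needs no markup at all, either of these is enough:
//   <apex:outputText value="{!syncDS.syncError}"/>               (default escaping)
//   <apex:outputText value="{!HTMLENCODE(syncDS.syncError)}" escape="false"/>
```

With the controller-side encoding in place the page can keep `escape="false"`, because the only unescaped characters left in `syncError` are the tags written as literals in `build`.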