Hema Sudeepa

Cross site Scripting (XSS) attack

Hi All,

I'm getting a Cross site Scripting (XSS) attack for the line strIdeaId = ApexPages.currentPage().getParameters().get('id'); Below is my code snippet. Please suggest how I can overcome this problem.
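public with sharing class TestController {
    String strIdeaId;

    public TestController() {
        // Reads the 'id' query-string parameter exactly as the request supplied it
        strIdeaId = ApexPages.currentPage().getParameters().get('id');
        // (rest of the controller is not shown in the post)
    }
}
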
sharathchandra thukkani
How did you come to know that you are facing it at that line? How can you check, in developer tools?

Here is documentation on this topic

Ashlekh Gera
Hi Hema,

Try this:

String sValue = ApexPages.currentPage().getParameters().get('id');
// The next line encodes the user text, similar to the Visualforce HTMLENCODE function, but within an Apex class.
sValue = ESAPI.encoder().SFDC_HTMLENCODE(sValue);


Have a great day ahead. Let the Force be with you!
Please mark this as best answer if it helps you.

Hema Sudeepa

Hi ,

Thanks for your response

@Vinod I'm using the String on the page side and I have used the encoded method in the page. It worked for me.
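
As an added example (not code from any poster in this thread), the two fixes discussed above can be combined: validate the `id` parameter in the controller, then encode it on the page for the context it lands in. `IdeaIdController`, `ideaId` and `parseId` are hypothetical names.

```apex
// Added example; class, property and method names are hypothetical.
public with sharing class IdeaIdController {
    // Salesforce record Ids are 15 or 18 alphanumeric characters.
    private static final Pattern ID_SHAPE =
        Pattern.compile('^[a-zA-Z0-9]{15}([a-zA-Z0-9]{3})?$');

    // Null when the request carried no usable id.
    public String ideaId { get; private set; }

    public IdeaIdController() {
        Id parsed = parseId(ApexPages.currentPage().getParameters().get('id'));
        ideaId = (parsed == null) ? null : String.valueOf(parsed);
        if (ideaId == null) {
            // Fixed message: the rejected value is never echoed back to the page.
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Missing or invalid id parameter.'));
        }
    }

    // Returns a typed Id, or null for anything that is not Id-shaped.
    @TestVisible
    private static Id parseId(String raw) {
        if (String.isBlank(raw) || !ID_SHAPE.matcher(raw).matches()) {
            return null;
        }
        try {
            return Id.valueOf(raw);
        } catch (Exception e) {
            return null; // right shape, but not a valid Id
        }
    }
}

/* Page side: encode for the context the value is written into.
   Component output:  <apex:outputText value="{!ideaId}"/>   (escape defaults to true)
   Raw HTML merge:    {!HTMLENCODE(ideaId)}
   JavaScript string: var ideaId = '{!JSENCODE(ideaId)}';
*/
```

Because anything that is not Id-shaped is rejected before it is stored, markup in the parameter never reaches the page; the page-side encoding remains as a second layer.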