• Ian Lin 157
  • 0 Points
  • Member since 2020

  • Chatter
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
  • 2
We recently scanned all Apex for our org and found multiple security findings with message: URL parameters should be escaped/sanitized XSS. May be tainted: when using variable pageid.  Does anyone know what this means?  Here is a snippit of code where it is referencing 'pageid' in the page reference var.

id pageid=ApexPages.currentPage().getParameters().get('id');
PageReference ref =  new PageReference('/'+pageid);
It seems like no matter where I put my System.debug statement, I cannot find it in my debug log. I have already set myself up to track debug logs, etc, but for some reason I can only see the debug log at the end of my Apex class.

What reasons would there be for not being able to see the system.debug statements in a debug log? I already have the appropriate setting and can see the debug log, but it does not contain the debug statements I need. Please advise
  • August 11, 2014
  • Like
  • 0