Sign Up ›
  • lordson
  • NEWBIE
  • 0 Points
  • Member since 2012
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 2
    Questions
  • 3
    Replies
1 replies

help on security error in java-script code 'Confidential information passed in GET request'

Dear all,

 

We just got our security testing results, got one issue 

 

Scanning File: \TestHelp.page

<script>

fun(){

61 window.location.href='https://help.salesforce.com/htviewhelpdoc?id='+'{!JSENCODE(temp)}'+'&siteLang=en_US';

}

</script>

 

Recommendation:

Ensure that all session IDs are unique, random and encrypted.

Ensure that unencrypted session IDs are not used in the URL.

Make sure all tokens, session IDs and session cookies expire after a reasonable time period.

 

the id part already encoded with json encode , we didn get any exception in code scanner. Could any one suggest wht could be the solution for code  at line 61.

 

Thnaks,

Stephen

2 replies

Does anyone know how to dynamically get listIds from Enhanced Lists?

my page having two list views of a same object type
<apex:page>
<apex:enhancedList type="custom__c" height="300" listId="00BM0000000LbS1" />

<apex:enhancedList  type="custom__c" height="300" listId="00BM0000000wSbc" />
</apex:page>

when i do packge and install in different org, enhanced list is  not working, getting error on page as the list id is org specifice .

If i am able give view name insted of id then no issue, but i don know how to do.? is that possible to give view name insted of id. any workarround for this issue?

kindly give me any solution for this.

4 replies

How to write test class for both 'If 'and 'Else' statements

In the below code,   the code coverage is only 66% . it is covering for try and catch block but not covering for IF AND ELSE block . I am looking for your help

complete code.
--------------
public class MyClassTest{
    public String accountName{get;set;}
 
    public void aMethod(){
        try{
            Account a = [SELECT id FROM Account WHERE name = :accountName];
            if(a.Id=='2'){
            accountName = 'A name that I know ';
            }else{
            accountName = 'A name ';}
        } catch (System.queryException e){
             accountName = 'A name that I know doesn\'t exist in my real dataset';
        }
    }

public static testMethod void  testAMethod1(){    
   test.startTest();
    MyClassTest mc = new MyClassTest();
    mc.accountName = 'A name that I know doesn\'t exist in my real dataset';
    mc.aMethod();
    List<Account> a = [SELECT id FROM Account WHERE name = 'A name that I know doesn\'t exist in my real dataset'];
    System.assert(a.size()>0);
    test.stopTest();
}
}
 
2 replies

approval process

can we able to write approval process throught apexcode?can we deploy proval process  through eclips ide from devsandbox to production?

2 replies

Does anyone know how to dynamically get listIds from Enhanced Lists?

my page having two list views of a same object type
<apex:page>
<apex:enhancedList type="custom__c" height="300" listId="00BM0000000LbS1" />

<apex:enhancedList  type="custom__c" height="300" listId="00BM0000000wSbc" />
</apex:page>

when i do packge and install in different org, enhanced list is  not working, getting error on page as the list id is org specifice .

If i am able give view name insted of id then no issue, but i don know how to do.? is that possible to give view name insted of id. any workarround for this issue?

kindly give me any solution for this.