Embedded video and XSS issue
I have been looking for a solution to a problem for some time.
In my application I have a custom field on an object that is a link to an embedded video. This is an example of a link to a video:
<object id="flashObj" width="480" height="270" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,47,0">
    <param name="movie" value="http://c.brightcove.com/services/viewer/federated_f9?isVid=1&isUI=1" />
    <param name="bgcolor" value="#FFFFFF" />
    <param name="flashVars" value="videoId=XXXXXXXXXXX&linkBaseURL=http%XXXXXXXXX.www2.XX.com%2Fvideo-gallery%2XXXXXXXXXXvideo%2F&playerID=XXXXXXXX&playerKey=AQ~~,XXXXXXXX~,XXXXXXXXR&domain=embed&dynamicStreaming=true" />
    <param name="base" value="http://admin.brightcove.com" />
    <param name="seamlesstabbing" value="false" />
    <param name="allowFullScreen" value="true" />
    <param name="swLiveConnect" value="true" />
    <param name="allowScriptAccess" value="always" />
    <embed src="http://c.brightcove.com/services/viewer/federated_f9?isVid=1&isUI=1" bgcolor="#FFFFFF" flashVars="videoId=XXXXXXX&linkBaseURL=http%XXXXXX.www2.XX.com%2Fvideo-gallery%2Fus%2Fen%2Fsss%XXXXXXXXXXX%2Fvideo%2F&playerID=1111577658001&playerKey=AQ~~,XXXXXXXX~,XXXXXXXXXXXXXXXXXXXXXXX&domain=embed&dynamicStreaming=true" base="http://admin.brightcove.com" name="flashObj" width="480" height="270" seamlesstabbing="false" type="application/x-shockwave-flash" allowFullScreen="true" allowScriptAccess="always" swLiveConnect="true" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>
</object>
I could show this video on my Visualforce page using code like this:
<apex:outputPanel id="embed_object1">
    <apex:outputText styleClass="myclass" escape="false" value="{!videoResource}"/>
</apex:outputPanel>
As you can see, I use escape="false" in my apex:outputText. The problem in this case is that if I use escape=false then I get an XSS issue in my code review.
I tried to use a dynamic component in this way:
public Component.Apex.OutputText getEmbVideoHTMLContent() {
    // Build the output text dynamically, with escaping disabled
    Component.Apex.OutputText oppText = new Component.Apex.OutputText(escape = false);
    oppText.value = videoResource;
    oppText.styleClass = 'myClass';
    return oppText;
}

<apex:outputPanel id="embed_object1" rendered="{!EmbVideoHTMLContent != null}" layout="none">
    <apex:dynamicComponent componentValue="{!EmbVideoHTMLContent}"/>
</apex:outputPanel>
but I don't see anything on my page. With the dynamic component I can see only videos from YouTube (the value of the text field is something like this: "<iframe width="560" height="315" src="http://www.youtube.com/embed/XXXXXXXXX" frameborder="0" allowfullscreen></iframe>"). Then I solved this problem with the apex:flash component (setting the src and flashvars properties), which is OK in this case because the <object></object> contains a Flash video.
Now I would like to know how I can solve this problem for every type of multimedia file embedded in an <object> tag without getting an XSS issue.
Thanks,
F.P.
- bibbo84
- May 28, 2014
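One way to avoid escape="false" for the iframe-style embeds described in this question, as an added example that is not part of the original post: read the stored markup only to pull out the player URL, check it against a host allowlist, and let apex:iframe emit the tag with escaping left on. The class name SafeEmbedController, the helper extractAllowedUrl and the host list are assumptions made for illustration.

```apex
// Added example, not the poster's code. Names and the host list are assumptions.
public with sharing class SafeEmbedController {
    // Assumption: the only player hosts this org trusts.
    private static final Set<String> ALLOWED_HOSTS =
        new Set<String>{ 'www.youtube.com', 'c.brightcove.com' };
    // First double-quoted src="..." attribute in the stored markup.
    private static final Pattern SRC_ATTR =
        Pattern.compile('(?i)\\ssrc\\s*=\\s*"([^"]*)"');

    // Raw field value, as in the original post; never written to the page.
    public String videoResource { get; set; }

    // Bound in the page with escaping left on:
    //   <apex:iframe src="{!safeVideoUrl}" width="560" height="315"
    //                rendered="{!NOT(ISBLANK(safeVideoUrl))}"/>
    public String getSafeVideoUrl() {
        return extractAllowedUrl(videoResource);
    }

    // Returns a rebuilt https URL on an allowlisted host, or null.
    public static String extractAllowedUrl(String markup) {
        if (String.isBlank(markup)) {
            return null;
        }
        Matcher m = SRC_ATTR.matcher(markup);
        if (!m.find()) {
            return null;
        }
        try {
            // Attribute values may carry entities such as &amp;; decode first.
            Url parsed = new Url(m.group(1).unescapeHtml4().trim());
            String scheme = parsed.getProtocol().toLowerCase();
            String host = parsed.getHost().toLowerCase();
            if ((scheme != 'http' && scheme != 'https')
                    || !ALLOWED_HOSTS.contains(host)) {
                return null;
            }
            // Rebuild from parsed parts so userinfo, port and fragment are
            // dropped, and force https.
            String query = parsed.getQuery();
            return 'https://' + host + parsed.getPath()
                + (String.isBlank(query) ? '' : '?' + query);
        } catch (Exception e) {
            // Malformed URL or an unsupported scheme.
            return null;
        }
    }
}
```

The same validated URL can feed the src of apex:flash, the component the post already uses for Flash players, so no stored HTML reaches the page unescaped in either case.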
BLOB is not a valid UTF-8 string and € symbol
Hi to all.
I'm trying to build a loader for CSV files. As you can see from the code, I load my CSV file into an attachment. Then I take the body of the attachment and put it into a string using toString(). I noticed that when the CSV file contains the € symbol I get an exception of type 'BLOB is not a valid UTF-8 string'. Do you have any suggestions?
My Controller
public with sharing class DocumentwithEuroController {
    public Attachment document {
        get {
            if (document == null)
                document = new Attachment();
            return document;
        }
        set;
    }

    public PageReference checkFile() {
        String fileBody = '';
        try {
            // Throws if the uploaded bytes are not valid UTF-8
            fileBody = document.body.toString();
            system.debug(fileBody);
        } catch (exception e) {
            if (e.getmessage() == 'BLOB is not a valid UTF-8 string') {
                ApexPages.addMessage(new ApexPages.message(ApexPages.severity.WARNING, 'In the csv file there are stressed symbols. The upload is blocked'));
            }
        }
        return null;
    }
}
My page.
<apex:page controller="DocumentwithEuroController">
    <apex:form>
        <apex:pageMessages id="pms1" />
        <label for="ifl" style="text-align: left; font-weight: bold; padding-right: 0.69em;">Selezionare il file tracciato(.csv):</label>
        <apex:inputFile id="ifl" value="{!document.body}" filename="{!document.name}" styleclass="btn" />
        <apex:commandButton value="Load csv" action="{!checkFile}" status="loadCsv" />
    </apex:form>
</apex:page>
This is very important for me; I must resolve this problem by tomorrow.
Thanks to all,
FP
- bibbo84
- December 25, 2012
Dynamic Cast of type of List
Hi,
I have to upsert a list, but for me the type of the list is known at runtime.
How do I create a list of the right type? It's not possible to upsert a list of sObject.
List<SObject> listtoupsert = new List<SObject>();
String type = 'Lead';
// Is it possible to do something like this?
List<type> listtoupsert2 = new List<type>();
- bibbo84
- December 11, 2012