• Saurabh Kulkarni 34
Hello,

My VF code is something like below:
<apex:pageBlockTable>
 <apex:column title="{!Config.Name}~Click to Edit" styleClass="NameClass" width="600px" value="{!Config.Name}"/>
.
</apex:pageBlockTable>

However, I'm getting a stored XSS error from the Salesforce Security Scanner. I tried modifying the value of the column to something like
value="{!HTMLENCODE(Config.Name)}" but I'm getting this error: Syntax error. Missing ')' after Config

Is there any special syntax that I need to use? Or can there be any other solution to this?

Thanks!!
Saurabh
Hello,

I have two Visualforce pages that I'm navigating between. During the navigation I'm putting some values in the page2 URL so that I can access them in page2, as shown below.
 
//In page 1 controller 
 public pageReference callPage2()
{
  PageReference pr = new PageReference('/apex/Page2?name='+value);
  pr.setRedirect(true);
  return pr;
}

// in page2 controller

public page2Controller() 
{
  String receivedName = apexpages.currentpage().getparameters().get('name');

  xyz__c x = [select id from xyz__c where name=:receivedName];

}

However, when I submitted the code to the Salesforce Security Scanner, I'm getting an XSS error for this code.
This might be because of the use of page parameters in the SOQL query.
What can be the solution to this? Is there any way by which I can encode or verify the page parameters for vulnerability in the Apex code?

Please help!
Thanks in advance,
Saurabh
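
The parameter hand-off described in the post above, rewritten so the value is encoded when it is sent and checked when it is received. This is an added example, not code from the original post; the class names, the `record` and `errorMessage` properties, and the allow-list pattern for names are assumptions.

```apex
// Page 1 controller (added example; class and property names are hypothetical)
public class Page1Controller {
    public String value { get; set; }

    public PageReference callPage2() {
        // Reference the page directly instead of concatenating a URL string
        PageReference pr = Page.Page2;
        // Values placed in the parameter map are URL-encoded by the platform
        pr.getParameters().put('name', value);
        pr.setRedirect(true);
        return pr;
    }
}

// Page 2 controller
public class Page2Controller {
    // Assumed rule: 1-80 characters of letters, digits, space, _ . -
    private static final Pattern NAME_RULE =
        Pattern.compile('^[A-Za-z0-9 _.\\-]{1,80}$');

    public xyz__c record { get; private set; }
    public String errorMessage { get; private set; }

    public Page2Controller() {
        String receivedName =
            ApexPages.currentPage().getParameters().get('name');

        // Reject anything outside the allow-list before it is used or shown
        if (receivedName == null || !NAME_RULE.matcher(receivedName).matches()) {
            errorMessage = 'Invalid name parameter.';
            return;
        }

        // The bind variable keeps the value out of the query text;
        // querying into a list avoids an exception when no row matches
        List<xyz__c> rows =
            [SELECT Id, Name FROM xyz__c WHERE Name = :receivedName LIMIT 1];
        if (rows.isEmpty()) {
            errorMessage = 'No matching record.';
            return;
        }
        record = rows[0];
    }
}
```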
 
