Apex Code Development You need to sign in to do that
Don't have an account?
Anuj Joshi 42 Stored XSS issue in visualforce page
Hi All,
I have a visualforce code written like this.
I have tried all the possible methods and ways to resolve but In checkmarx report it is not getting eliminated.
Kindly provide me solution for this.
Thanks,
Anuj
I have a visualforce code written like this.
<apex:outputText escape="False" value="{!cr.Message__c}" rendered="{!(cr.Message__c)!= ''}"/>
I have tried all the possible methods and ways to resolve but In checkmarx report it is not getting eliminated.
Kindly provide me solution for this.
Thanks,
Anuj
Have you tried bellow options (Either 1 or 2) ?
1. HTMLENCODE in Visualforce page
<apex:outputText escape="False" value="{!HTMLENCODE(cr.Message__c)}" rendered="{!HTMLENCODE(cr.Message__c)!= ''}"/>2. Sample Chnages in VF page and Class (If option 1 not worked)// This method return return the content of cr.Message__c public Component.Apex.OutputText getCustomContent(){ Component.Apex.OutputText objText = new Component.Apex.OutputText(escape = false); objText.value = cr.Message__c; return objText; } <apex:outputPanel rendered="{!customContent != null}" layout="none"> <apex:dynamicComponent componentValue="{!customContent}"/> </apex:outputpanel>Let me know if still you are getting checkmarx scan issue.
The first option mentioned by Om Prakash seems a correct solution. Give it a try.