SFDC_coder
Stored XSS error in Javascript variable:
I am getting a Stored XSS error during a security scan on the JavaScript variables in my VF page.
Below is the code:
VF Page:
<apex:page showHeader="false" sidebar="false" standardController="Opportunity" extensions="MyExtension">
    <script>
        var Boolean = "{!Flag}"; // Stored XSS error
        var prodURL;
        prodURL = '{!URL}'; // Stored XSS error
    </script>
</apex:page>
Controller:
public class myExtension {
    public Boolean Flag {
        get;
        private set;
    }
    public PageReference URL {
        get {
            if (URL == null)
                URL = Page.myVFpage;
            return URL;
        }
        private set;
    }
}
I tried using JSENCODE, but it's not accepting it because it is a Boolean variable and a URL. Please provide a solution for this.
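One way to encode both values for their JavaScript context, as an added example that is not part of the original post or of any reply: JSENCODE only takes text, so the Boolean is emitted as a fixed literal through IF and the page reference is turned into text with URLFOR before encoding. It assumes the page name myVFpage from the controller above and renames the JavaScript variable to flag (a hypothetical name) so it does not shadow the built-in Boolean object; whether a particular scanner clears the finding is not something this example establishes.

```html
<apex:page showHeader="false" sidebar="false" standardController="Opportunity" extensions="MyExtension">
<script>
    // Boolean: the formula picks one of two fixed strings, so only the bare
    // JavaScript literal true or false can ever be written into the script.
    // The controller value is used as a condition and is never rendered.
    var flag = {!IF(Flag, 'true', 'false')};

    // URL: URLFOR resolves the page reference to text, and JSENCODE escapes
    // quotes, backslashes and line breaks, because the result is placed
    // inside a single-quoted JavaScript string.
    var prodURL = '{!JSENCODE(URLFOR($Page.myVFpage))}';
</script>
</apex:page>
```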
And for other types of data like Integer, JSON, float, etc., use the following examples in your code: