SFDC_coder

Stored XSS error in Javascript variable:

I am getting a Stored XSS error during a security scan on the JavaScript variables in my VF page.
Below is the code:
VF Page:
<apex:page showHeader="false" sidebar="false" standardController="Opportunity" extensions="MyExtension">
    <script>
        var Boolean= "{!Flag}"; //Stored XSS error
        var prodURL;  
        prodURL= '{!URL}'; //Stored XSS error
     </script>

Controller:
public class myExtension{
    public Boolean Flag {
        get;
        private set;
    }
    public PageReference URL {
        get {
          if(URL == null )
            URL = Page.myVFpage;
          return URL;
        }
        private set;
    }  
}

I tried using JSENCODE, but it's not accepted because these are a Boolean variable and a URL. Please provide a solution for this.
Brane
In order to be safe and sure that the value provided by the controller is a boolean (and valid), you need to use this snippet:
 
var mybool = {!IF(bool_data, "true", "false")};  //now we are sure that mybool is a boolean

And for other types of data like Integer, JSON, float, etc., use the following examples in your code:
 
var myint = parseInt("{!JSENCODE(int_data)}"); //now we are sure that myint is an int
var myfloat = parseFloat("{!JSENCODE(float_data)}");  //now we are sure that myfloat is a float
var myJSON = JSON.parse("{!JSENCODE(stringified_value)}"); //when transmitting stringified JSON
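
Added example, not part of the original posts and not Salesforce code: a Node.js simulation of the script text the server would emit for a raw merge field versus the patterns in the answer above, checking whether stored data stays data. `jsEncodeStandIn`, the `render*` helpers and `staysData` are hypothetical names, the escaping is a simplified stand-in for JSENCODE, and the sample values are constructed.

```javascript
// Simplified stand-in for JSENCODE-style escaping (an assumption, not
// Salesforce's implementation): every character that could end a string
// literal or the surrounding <script> block becomes a \uXXXX escape.
function jsEncodeStandIn(value) {
  return String(value).replace(/[\\'"<>\/\n\r\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// What the server would emit into the <script> block for each pattern.
function renderRaw(value) {            // like '{!URL}' in the question
  return "var prodURL = '" + value + "';";
}
function renderEncoded(value) {        // like "{!JSENCODE(value)}"
  return 'var prodURL = "' + jsEncodeStandIn(value) + '";';
}
function renderBoolean(flag) {         // like {!IF(bool_data, "true", "false")}
  return 'var mybool = ' + (flag ? 'true' : 'false') + ';';
}

// True only if the emitted statement is still one assignment whose value
// equals the stored data, i.e. the data stayed data.
function staysData(rendered, name, expected) {
  if (/<\/script/i.test(rendered)) return false; // HTML parser ends the block early
  try {
    return new Function(rendered + '\nreturn ' + name + ';')() === expected;
  } catch (e) {
    return false; // the literal was broken (syntax error)
  }
}

// Constructed sample values standing in for stored field data.
const samples = ["O'Brien", 'a</script>b', 'line1\nline2'];
for (const s of samples) {
  console.log(JSON.stringify(s),
    'raw:', staysData(renderRaw(s), 'prodURL', s),
    'encoded:', staysData(renderEncoded(s), 'prodURL', s));
}
console.log('boolean:', staysData(renderBoolean(true), 'mybool', true));
```

The boolean pattern needs no encoding because the server can only ever emit the literal `true` or `false`, whatever the controller holds.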