dipu3
Is there a way to use HTMLENCODE and JSENCODE inside Apex code?
I would like to use HTMLEncode function from the Apex code so that user input values are encoded by replacing characters that are reserved in HTML, such as the greater-than sign (>), with HTML entity equivalents, such as &gt;.
My VF code is like this
<apex:outputText escape="false" value="{!FormattedMessages}"/>
The value of FormattedMessages is styled using Apex code to highlight the message using different colors. I would like to encode just the data entered by the user or administrator to avoid XSS.
Hi dipu,
You can use it as follows:-
<apex:outputText value=" {!HTMLENCODE(FormattedMessages)}" escape="false"/>
Refer to the link below for more information:-
http://www.salesforce.com/us/developer/docs/pages/Content/pages_security_tips_scontrols.htm
Hope this helps...
Thanks Ispita for responding.
Looks like you missed part of the question. I want a mechanism to display HTML tags encoded in Apex and yet make sure that there is no XSS. So I just want to encode the user-entered text in my HTML formatted in Apex.