dipu3

Is there a way to use HTMLENCODE and JSENCODE inside Apex code?

I would like to use HTMLEncode function from the Apex code so that user input values are encoded by replacing characters that are reserved in HTML, such as the greater-than sign (>), with HTML entity equivalents, such as &gt;.

 

My VF code is like this 

<apex:outputText escape="false" value="{!FormattedMessages}"/>

 

 

The value of FormattedMessages is styled using Apex code to highlight the message using different colors. I would like to encode just the data entered by the user or administrator to avoid XSS.
Ispita

Hi dipu,

 

You can use it as follows:-

 

<apex:outputText value=" {!HTMLENCODE(FormattedMessages)}" escape="false"/>

 

 

Refer to the link below for more information:-

 

http://www.salesforce.com/us/developer/docs/pages/Content/pages_security_tips_scontrols.htm

 

Hope this helps...

dipu3

Thanks Ispita for responding. 

Looks like you missed part of the question. I want a mechanism to display HTML tag encoded in Apex and yet make sure that there is no XSS. So I just want to encode the user-entered text in my HTML formatted in Apex.

 

Daniel_Comity
Has anyone found a resolution for this? I am having the same issue.
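
One way to do what the thread asks, as an added example that is not part of the original posts: build the markup in Apex and encode only the user-entered text with the String method escapeHtml4(), so the result can still be bound to <apex:outputText escape="false" value="{!FormattedMessages}"/>. The class name, the Message wrapper, the COLORS map and the sample messages are hypothetical.

```apex
public with sharing class FormattedMessagesController {

    // Hypothetical wrapper: severity is set by code, text comes from a user or admin.
    public class Message {
        public String severity;
        public String text;
        public Message(String severity, String text) {
            this.severity = severity;
            this.text = text;
        }
    }

    // Styling values come from a fixed allowlist, never from user input.
    private static final Map<String, String> COLORS = new Map<String, String>{
        'error'   => '#cc0000',
        'warning' => '#b36b00',
        'info'    => '#006600'
    };

    // Constructed sample data; the second entry simulates hostile input.
    private List<Message> messages = new List<Message>{
        new Message('info', 'Record saved'),
        new Message('error', '<script>alert(1)</script> & "quoted" text')
    };

    // Bound to <apex:outputText escape="false" value="{!FormattedMessages}"/>.
    // Because the page does no escaping, every untrusted value is encoded here.
    public String getFormattedMessages() {
        String html = '';
        for (Message m : messages) {
            String color = COLORS.containsKey(m.severity)
                ? COLORS.get(m.severity)
                : '#333333';
            // Encode only the untrusted text; the surrounding tags stay as markup.
            String safeText = (m.text == null) ? '' : m.text.escapeHtml4();
            html += '<span style="color:' + color + '">' + safeText + '</span><br/>';
        }
        return html;
    }
}
```

The encoded text is placed only in element content, which is the context HTML entity encoding protects; for a value written into a JavaScript string literal the corresponding String method is escapeEcmaScript(). Wrapping the whole bound value in HTMLENCODE, as in the reply above, would also encode the span tags built in Apex.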