soni rajput
Problem with <apex:outputText>
Hi,
I am developing an AppExchange app. In this app I am using a text editor, and for displaying the data on a Visualforce page I am using <apex:outputText escape="false" value="{!description}"/>. I have used escape="false" because the description may contain images, text in any format, and videos.
But the escape="false" attribute is giving an XSS attack as a security error. How can I resolve this? Any ideas?
Thanks,
Soni
The only way that I'm aware of is to use a rich text area field and the <apex:outputField/> tag - this expects HTML markup to be present in the text and thus doesn't escape it.
I agree with Bob. You can only use outputField for RTA fields. Also, I experienced that having the rerendered attribute on the actions causes problems when there is an RTA field bound with an outputField tag in the VF page.
Yep, you can't rerender with a Rich Text Field in the page, you have to refresh the entire page. I'd imagine this is because the regular HTML text area is turned into a rich text editor via onload JavaScript.
Hi Bob,
I am using the TinyMCE editor, so the data in it can also be video, and <apex:outputField> is not displaying it.
Thanks,
Soni
TinyMCE editor is different to rich text fields - that is just a front end onto regular text area fields. I'm not aware of any way to override the standard RT editor with TinyMCE (which is a shame, as I think TinyMCE is one of the best js rich text editors).
Hi Bob,
The problem is not with the TinyMCE editor.
I am storing the description data in a Rich Text Area field and displaying it through <apex:outputField>. If the Description field has video and image data, then <apex:outputField> is not displaying it. So how can I display video and image data?
Thanks,
Soni
In your initial post you said the problem was that you had to use escape=false - is that still the case or do you have a new issue now?
Hi Bob,
The problem is the same. Earlier I was using <apex:outputText escape="false">, and after your suggestion I am using <apex:outputField>. Now the problem is that <apex:outputField> is not displaying image and video.
Thanks,
Soni
Hi,
Please go through this link:
http://boards.developerforce.com/t5/Apex-Code-Development/Avoid-Cross-site-Scripting-XSS-using-lt-apex-outputtext-escape/td-p/487587
If this post answers your questions, please mark it as solved and give kudos for this post.
Thanks
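
Added example (not posted by anyone in this thread, and not Salesforce code): the original question needs images and video to survive while script is removed, which is what an allowlist sanitiser does before markup reaches an unescaped output tag. It is written in Python for illustration rather than Apex; the tag and attribute policy, the https-only URL rule and all names are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (not from the thread): tags and attributes a description may keep.
ALLOWED = {
    "p": set(), "br": set(), "b": set(), "i": set(), "ul": set(), "li": set(),
    "a": {"href"}, "img": {"src", "alt", "width", "height"},
    "video": {"src", "controls", "width", "height"}, "source": {"src", "type"},
}
VOID = {"br", "img", "source"}      # elements with no end tag
DROP_CONTENT = {"script", "style"}  # discard the element together with its text

def safe_url(value):
    # Compare after removing whitespace/control characters that browsers ignore.
    return "".join(ch for ch in value if ch > " ").lower().startswith("https://")

class Sanitizer(HTMLParser):
    """Rebuilds the markup from parsed events, so only allowlisted output exists."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], False
    def handle_starttag(self, tag, attrs):
        self.skip = self.skip or tag in DROP_CONTENT
        if self.skip or tag not in ALLOWED:
            return
        kept = ""
        for name, value in attrs:  # unlisted attributes (on*, style, srcdoc) are dropped
            value = value or ""
            if name in ALLOWED[tag] and (name not in ("href", "src") or safe_url(value)):
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = False
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html_text):
    parser = Sanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

# Constructed sample input (not from the thread).
SAMPLE = ('<p onclick="x()">Demo <b>clip</b></p><script>alert(1)</script>'
          '<img src="https://example.com/a.png" onerror="x()"><a href="java\tscript:x()">link</a>'
          '<video src="https://example.com/v.mp4" controls></video>')
```

An unclosed `<script>` or `<style>` makes the sanitiser drop everything after it, so malformed input fails closed.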