soni rajput

Problem with HTML Text box in VF Page

Hi,

 

I am developing an app to launch on AppExchange. There is a Visualforce page in my app which is displaying a text box using this tag: <input type="text" value="{!VenueName}" />

So for security review, should I use some HTMLEncode or JSEncode method?

 

Thanks,

Soni

sfdcfox

If you use a "natural" HTML element, you must remember to escape it (HTMLENCODE). If you use an "apex:inputText" (or the other related apex:input* fields), the value is automatically escaped for you. In other words, you should use "apex:inputText" instead (also, you can NOT read the value of a normal "input" field in Apex Code).
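An added example, not part of the original posts, showing why the value attribute of the tag in the question needs HTML encoding rather than JavaScript-style escaping. The functions htmlEncode, jsEscape and parsedValue are simplified stand-ins written for this illustration (not Salesforce's HTMLENCODE/JSENCODE implementations), and the venue name is constructed sample input.

```javascript
// Simplified stand-ins for the two encodings the question asks about
// (illustrative only, not Salesforce's HTMLENCODE / JSENCODE).
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const REVERSE = Object.fromEntries(Object.entries(HTML_ENTITIES).map(([c, e]) => [e, c]));

function htmlEncode(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

function jsEscape(s) {
  // Backslash escaping only has meaning inside a JavaScript string literal.
  return s.replace(/[\\'"]/g, (c) => "\\" + c);
}

// Build the tag from the question around an already-encoded value.
function renderInput(encodedValue) {
  return '<input type="text" value="' + encodedValue + '" />';
}

// Model of how an HTML parser reads a double-quoted attribute: the value ends
// at the first literal ", a backslash is an ordinary character, and character
// references are decoded afterwards.
function parsedValue(tag) {
  const start = tag.indexOf('value="') + 'value="'.length;
  const raw = tag.slice(start, tag.indexOf('"', start));
  return raw.replace(/&(amp|lt|gt|quot|#39);/g, (e) => REVERSE[e]);
}

// Constructed sample input: a venue name with quotes, angle brackets and "&".
const venueName = 'The "Grand" Hall <East> & Annex';

// True only when the text box would show exactly the stored venue name,
// i.e. nothing in the data ended the attribute early.
function roundTrips(encoder) {
  return parsedValue(renderInput(encoder(venueName))) === venueName;
}

console.log("no encoding  :", roundTrips((s) => s));
console.log("JS escaping  :", roundTrips(jsEscape));
console.log("HTML encoding:", roundTrips(htmlEncode));
```

Only the HTML-encoded value stays inside the attribute; with no encoding or with backslash escaping, the first quote in the data closes the attribute and the rest of the name is parsed as markup.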