soni rajput
Problem with HTML Text box in VF Page
Hi,
I am developing an app to launch on AppExchange. There is a Visualforce page in my app
which is displaying a text box using this tag: <input type="text" value="{!VenueName}" />
So for security review should I use some HTMLEncode or JSEncode method?
Thanks,
Soni
If you use a "natural" HTML element, you must remember to escape it (HTMLENCODE). If you use an "apex:inputText" (or the other related apex:input* fields), the value is automatically escaped for you. In other words, you should use "apex:inputText" instead (also, you can NOT read the value of a normal "input" field in Apex Code).
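
The options discussed in this thread, side by side, as an added example that is not code from either poster. The controller name `VenueController` and its `save` action are hypothetical; `VenueName` is the property from the question.

```html
<apex:page controller="VenueController">
    <!-- Added example. Assumes a hypothetical Apex controller:
         public class VenueController {
             public String VenueName { get; set; }
             public PageReference save() { return null; }
         } -->

    <!-- Form from the question: a raw HTML element with the merge field
         written into the value attribute and no explicit encoding. -->
    <input type="text" value="{!VenueName}" />

    <!-- Raw HTML element with the merge field passed through HTMLENCODE,
         so characters reserved in HTML are emitted as entities.
         This element only displays the value; it is not bound to Apex. -->
    <input type="text" value="{!HTMLENCODE(VenueName)}" />

    <!-- Form recommended in the answer: a platform input component inside
         apex:form, bound to the controller property so the submitted
         value is available in Apex when the action runs. -->
    <apex:form>
        <apex:inputText value="{!VenueName}" />
        <apex:commandButton value="Save" action="{!save}" />
    </apex:form>

    <!-- JSENCODE is for a different output context: a merge field placed
         inside a JavaScript string literal rather than in HTML markup. -->
    <script>
        var venueName = '{!JSENCODE(VenueName)}';
    </script>
</apex:page>
```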