+ Start a Discussion
zachelrathzachelrath 

Encrypted Fields and JS Remoting --- IMPOSSIBLE? According to docs, yes!

We are trying to load in SObject data from Visualforce EXCLUSIVELY using JavaScript remoting. Which means, of course, that we are NOT leveraging the apex:outputField component at all. Which means, according to the Salesforce Help Docs, that Encrypted Fields cannot be used, because the only Visualforce component that supports them (i.e. that returns the value of an Encrypted Field in Masked Form) is apex:outputField.

 

Any ideas on how to circumvent this?

 

I tested this out using a simple VF page:

 

<apex:page standardController="Contact">
    <apex:outputField value="{!Contact.SSN__c}"/><br/>
    <apex:outputText value="{!Contact.SSN__c}"/> <br/>
    <apex:outputText value="{!Contact.SSN__c}" escape="false"/>
</apex:page>

 

Only the outputField returns the Masked Value. 

 

Can someone explain to me why querying the value of ANY field, let alone ENCRYPTED fields, would display differently in an apex:outputText on a page with a Standard Controller than it would in an Execute Anonymous call? If I run this in Execute Anonymous:

 

Contact tim = [select id, SSN__c from Contact where Name = 'Tim Barr' limit 1];

// Displays Masked Value: ***-**-6789
System.debug(tim.SSN__c);

the masked value is displayed. But when I run the above VF page with outputText the field is NOT masked. This seems very inconsistent to me... after all, the same user is executing both transactions! And, by the way, how is the apex:outputText component acquiring its data if not through the same channels as Apex code?

 

shruthishruthi

Hi

Check out here

The<apex:outputText>component doesn't respect the View Encrypted Data permission for users. To prevent showing sensitive information to unauthorized users, use the<apex:outputField>tag instead.

 

The outputField returns the Masked Value, and Execute Anonymous returns the Masked Value coz they respect User permissions.