satishch_sfdc

Anti XSS for Richtext Area

Is there any feature for a rich-text textbox to avoid XSS? Thanks in advance.

bob_buzzard

The docs state that all standard Visualforce components (i.e. all of those that start with <apex: ..>) have built-in XSS protection.

 

When saving a rich-text area field, any JavaScript will be removed as will any HTML that is considered to be dangerous - using the object tag for example.
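
The following Visualforce page is an added illustration, not part of the replies above and not Salesforce's own sample. It shows where the built-in encoding applies and where it has to be kept on or supplied explicitly; `Rich_Notes__c` is a hypothetical rich-text custom field assumed for the example.

```xml
<!-- Added example. Account.Rich_Notes__c is a hypothetical rich-text custom field. -->
<apex:page standardController="Account">

    <!-- Standard component: the value is HTML-encoded on output by default. -->
    <apex:outputText value="{!Account.Name}" />

    <!-- Rich-text field: rendered as HTML, relying on the sanitising
         that was applied when the field was saved. -->
    <apex:outputField value="{!Account.Rich_Notes__c}" />

    <!-- Avoid: escape="false" switches the built-in encoding off for that component,
         e.g. <apex:outputText value="..." escape="false" /> -->

    <script>
        // Inside <script> the automatic HTML encoding does not apply,
        // so encode for the JavaScript string context explicitly.
        var accountName = '{!JSENCODE(Account.Name)}';
    </script>
</apex:page>
```

When reviewing existing pages, searching the markup for `escape="false"` and for merge fields inside `<script>` or `<style>` blocks finds the places where the default protection is not in effect.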