Ganga
How to resolve stored XSS in an Apex class
Hi friends,
I am getting an issue on Stored XSS in my class.
Can anyone help me out? I am new to SFDC.
Showing at line .....
coa = [SELECT Id, LR_Status__c, Requirement__c, Status1__c,LR_Status_Date__c,MR_Status_Date__c, LR_Date__c,
Candidate__c, MR_Status__c,Requirement_Owner_Email__c, R_Comments__c, LR_Comments__c, MR_Comments__c,
Employer_s_Authorization__c, Manager_Email_ID__c, Submitted_to_Client__c, Submitted_to_Client_Date__c,
Interview_Scheduled__c, Interview_Scheduled_Date__c, Interview_Accepted__c, Interview_Accepted_Date__c,
Client_Offered__c, Client_Offer_Date__c, Comments__c, Client_Interviewed__c, Client_Interview_Date__c,
Candidate_started__c, CreatedDate,started_date__c, LR_Email__c,lr_id__c, CreatedById, Name, Last_Name__c,Contract_End_Date__c,MR_Status_date1__c FROM
Candidate_Mapping__c where id =:cid];
uEmailR = [Select Email,Manager_Email__c FROM User WHERE ID =:coa.CreatedById];
can = [Select Name,CreatedDate From Candidate__c WHERE ID =:coa.Candidate__c];
subCandidate =string.Valueof(can.Name) + ' ' + string.Valueof(coa.Last_Name__c);
REmail = uEmailR.Email;
LREmail = uEmailR.Manager_Email__c;
MREmail = string.Valueof(coa.Requirement_Owner_Email__c);
strCandidateStarted = coa.started_date__c;
This is my code; I am getting the error on these lines ...... coa and can.
Thanks in advance.
To avoid XSS, use an escape function.
The solution can be one of the following:
>Try to use STATIC queries as much as possible. STATIC queries have inbuilt escaping.
>If a dynamic query is needed, then all the search parameters should use the escapeSingleQuotes() function, like:
List<Account> listAccount = Database.query('Select id from Account where Name = \'' + String.escapeSingleQuotes(nameField) + '\' ');
Referred: http://simplyforce.blogspot.in/2011/03/salesforce-applications-with-security_14.html
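The following is an added example, not code from the poster or from the answer above. It puts the two controls the answer names side by side in one Apex class: a static query with a bind variable, a dynamic query guarded by String.escapeSingleQuotes(), and, for the Stored XSS finding itself, HTML escaping with escapeHtml4() at the point where a stored field value is placed into markup (the scanner flags the query lines because values read there later reach HTML, so the fix belongs at the output). The object and field names (Candidate_Mapping__c, Name, Last_Name__c, Requirement_Owner_Email__c) are taken from the question; the class name, method names and the email body are hypothetical.

```apex
// Added example (hypothetical class, not the poster's code).
// Assumes a custom object Candidate_Mapping__c with the fields Name,
// Last_Name__c and Requirement_Owner_Email__c, as in the question.
public with sharing class CandidateMappingNotifier {

    // Static query: the bind variable :cid is passed to the platform as a
    // value, never spliced into the query text, so no quoting is needed.
    public static Candidate_Mapping__c loadMapping(Id cid) {
        return [SELECT Id, Name, Last_Name__c, Requirement_Owner_Email__c
                FROM Candidate_Mapping__c
                WHERE Id = :cid];
    }

    // Dynamic query built from a user-supplied string: escape single quotes
    // before concatenating, as the answer recommends. A value such as
    // x' OR Name != '  becomes  x\' OR Name != \'  and stays inside the literal.
    public static List<Candidate_Mapping__c> searchByLastName(String lastName) {
        String soql = 'SELECT Id, Name, Last_Name__c FROM Candidate_Mapping__c '
                    + 'WHERE Last_Name__c = \''
                    + String.escapeSingleQuotes(lastName) + '\'';
        return Database.query(soql);
    }

    // Stored XSS is an output problem: a field value saved earlier (for example
    // a last name containing <script>) is harmless in the database and becomes
    // a problem only when written into HTML unescaped. Escape each value where
    // it enters the markup; null is guarded because escapeHtml4() on null throws.
    private static String html(String value) {
        return String.isBlank(value) ? '' : value.escapeHtml4();
    }

    // Builds the HTML body of a notification email from stored field values.
    // '<b>x</b>'.escapeHtml4() yields '&lt;b&gt;x&lt;/b&gt;', so markup in a
    // stored field is shown as text rather than rendered.
    public static String buildHtmlBody(Candidate_Mapping__c coa) {
        String candidate = html(coa.Name) + ' ' + html(coa.Last_Name__c);
        return '<p>Candidate: ' + candidate + '</p>'
             + '<p>Requirement owner: ' + html(coa.Requirement_Owner_Email__c) + '</p>';
    }

    // Sends the notification; the body is already escaped by buildHtmlBody.
    public static void notifyOwner(Id cid) {
        Candidate_Mapping__c coa = loadMapping(cid);
        if (String.isBlank(coa.Requirement_Owner_Email__c)) {
            return; // nothing to send to
        }
        Messaging.SingleEmailMessage mail = new Messaging.SingleEmailMessage();
        mail.setToAddresses(new List<String>{ coa.Requirement_Owner_Email__c });
        mail.setSubject('Candidate mapping update');
        mail.setHtmlBody(buildHtmlBody(coa));
        Messaging.sendEmail(new List<Messaging.SingleEmailMessage>{ mail });
    }
}
```

Two points worth keeping apart when reading the scanner report: escapeSingleQuotes() protects the query (SOQL injection) and does nothing for HTML output, while escapeHtml4() protects the output and does nothing for the query. If the same values are shown on a Visualforce page instead of in an email, merge fields such as {!coa.Name} are escaped by the platform by default, and the scanner will point at any apex:outputText with escape="false" for the same reason it points at these query lines.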