Gowkanapalli Janardhanreddy

Avoid Cross-site Scripting (XSS) using <apex:outputtext escape=false>

How to avoid Cross-site Scripting (XSS) using <apex:outputText value="{!wrk.html_description__c}" escape="false"/>

Hi, in the above line I am getting an error whenever I submit to the security review report. The functionality is fine, but when I check the security review report I am getting this error.

bob_buzzard
The functionality may be fine, but that doesn't change the fact that you've introduced a security risk. Unescaped text can contain HTML and JavaScript that gets executed by the browser. You can read more about this at:

https://www.salesforce.com/us/developer/docs/pages/Content/pages_security_tips_scontrols.htm
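
The flagged line beside three replacements, as an added example that is not part of the original posts. `WorkController` is a hypothetical controller exposing `wrk`, and option 2 assumes `html_description__c` is a Rich Text Area field.

```xml
<!-- Added example: WorkController is a hypothetical controller that exposes `wrk`. -->
<apex:page controller="WorkController">

    <!-- Flagged form: the stored value is written into the page as raw markup,
         so any script or event-handler attribute saved in the field runs in
         the session of whoever views the page. -->
    <apex:outputText value="{!wrk.html_description__c}" escape="false"/>

    <!-- Option 1: drop escape="false". The attribute defaults to true, so
         markup characters in the value are HTML-encoded and shown as text. -->
    <apex:outputText value="{!wrk.html_description__c}"/>

    <!-- Option 2 (assumes a Rich Text Area field whose formatting must render):
         apex:outputField displays the field according to its type, with no
         need to switch escaping off. -->
    <apex:outputField value="{!wrk.html_description__c}"/>

    <!-- Option 3: when the value is needed inside a script block, encode it
         for the JavaScript string context instead of the HTML context. -->
    <script>
        var description = '{!JSENCODE(wrk.html_description__c)}';
    </script>

</apex:page>
```

Only one of the three options is needed; which one depends on whether the field's markup has to render and on the context the value is written into.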