+ Start a Discussion
Gowkanapalli JanardhanreddyGowkanapalli Janardhanreddy 

am getting this error in security review report <apex:outputText value="!wrk.html_description__c}" escape="false"/>

am getting in esacpe  attribute can help me any one?
Ankit AroraAnkit Arora
Yes, it's asecurity issue. Have you tried going with outputlable without escape = false? If it still doesn't work then you've to let Salesforce security team know why you are doing this, as sometimes it's not solvable.
Setting the escape attribute to 'false' allows text containing HTML and JavaScript to be rendered into the page and executed by the browser, which is a security risk. You can read more about this at:


As I understand it the security team have hardened their attitude to over the last year, so you'll need to have a very good reason for wanting to do this, and even if you do they may not allow it.