+ Start a Discussion
Gowkanapalli JanardhanreddyGowkanapalli Janardhanreddy 

am getting this error in security review report <apex:outputText value="!wrk.html_description__c}" escape="false"/>

am getting in esacpe  attribute can help me any one?
Ankit AroraAnkit Arora
Yes, it's asecurity issue. Have you tried going with outputlable without escape = false? If it still doesn't work then you've to let Salesforce security team know why you are doing this, as sometimes it's not solvable.
bob_buzzardbob_buzzard
Setting the escape attribute to 'false' allows text containing HTML and JavaScript to be rendered into the page and executed by the browser, which is a security risk. You can read more about this at:

https://www.salesforce.com/us/developer/docs/pages/Content/pages_security_tips_scontrols.htm

As I understand it the security team have hardened their attitude to over the last year, so you'll need to have a very good reason for wanting to do this, and even if you do they may not allow it.