+ Start a Discussion
Adelchi PelizzoAdelchi Pelizzo 

Ajax toolkit

I am trying to get a handle on this Ajax Toolkit.

I am referring to this example https://developer.salesforce.com/docs/atlas.en-us.ajax.meta/ajax/sforce_api_ajax_vf_sample.htm 
I do not understand where GETSESSIONID() is coming from here, can someone point me in the right direction?
 
<apex:page >
    <script type="text/javascript">
    var __sfdcSessionId = '{!GETSESSIONID()}';
    </script>

 
Best Answer chosen by Adelchi Pelizzo
Rufus RodenRufus Roden
You can use them in your javascript, html, or items like visualforce components.  However you should be aware that they're essentially 'mail merging' the values into your page.  So, for example, if you have some javascript code like so
 
function whenCalled() { 
	alert('{!NOW()}'); 
}

then what your browser will actually see is
 
function whenCalled() { 
	alert('Mon Sep 14 01:23:45 GMT 2015'); 
}

so every call will alert with the same 'now' time.

Because of this mail merge approach you should probably be careful to wrap the values using JSENCODE, HTMLENCODE, JSINHTMLENCODE.

All Answers

Rufus RodenRufus Roden
It's one of the standard functions available on a Visualforce page.  You can check out this list here:
https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_variables_functions.htm
Adelchi PelizzoAdelchi Pelizzo
Thanks for the link.

This means I can use those funtions in any javascript on a visualforce page?

On the document says: Use functions to transform data from records, perform calculations, or to provide values for Visualforce attributes.
 
Rufus RodenRufus Roden
You can use them in your javascript, html, or items like visualforce components.  However you should be aware that they're essentially 'mail merging' the values into your page.  So, for example, if you have some javascript code like so
 
function whenCalled() { 
	alert('{!NOW()}'); 
}

then what your browser will actually see is
 
function whenCalled() { 
	alert('Mon Sep 14 01:23:45 GMT 2015'); 
}

so every call will alert with the same 'now' time.

Because of this mail merge approach you should probably be careful to wrap the values using JSENCODE, HTMLENCODE, JSINHTMLENCODE.
This was selected as the best answer
Adelchi PelizzoAdelchi Pelizzo
That's very informative, thanks.