Hema Sudeepa
Cross site Scripting (XSS) attack
Hi All,
I'm getting a Cross site Scripting (XSS) attack for the line strIdeaId = ApexPages.currentPage().getParameters().get('id'); Below is my code snippet. Please suggest how to overcome this problem.
public with sharing class TestController {
    String strIdeaId;

    public TestController() {
        // 'id' is read straight from the page URL, so its value is user-controlled
        strIdeaId = ApexPages.currentPage().getParameters().get('id');
    }
}
Here is documentation on this topic:
https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_security_tips_xss.htm
https://developer.salesforce.com/page/Secure_Coding_Cross_Site_Scripting
-Thanks
Ashlekh Gera
Try this:
String sValue = ApexPages.currentPage().getParameters().get('id');
// the next line encodes the usertext similar to the VisualForce HTMLENCODE function but within an Apex class.
sValue = ESAPI.encoder().SFDC_HTMLENCODE(sValue);
Thanks,
Have a great day ahead. Let the Force be with you!
Please mark this as best answer if it helps you.
Hi,
Thanks for your response.
@Vinod I'm using the String on the page side and I have used the encoding method in the page. It worked for me.
Thanks
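The two fixes discussed in this thread (encoding in Apex, and encoding in the page), combined with type validation of the parameter, as an added example that is not code from any post above. The class name IdeaDetailController, its property names, and the assumption that the id refers to the standard Idea object are hypothetical.

```apex
// Added example, not from the thread. Class and property names are hypothetical.
public with sharing class IdeaDetailController {
    // Validated record Id, or null when the parameter was missing or malformed.
    public Id ideaId { get; private set; }
    // HTML-encoded copy of the raw parameter, for the case where it must be echoed back.
    public String rawIdEncoded { get; private set; }

    public IdeaDetailController() {
        String raw = ApexPages.currentPage().getParameters().get('id');
        if (String.isBlank(raw)) {
            return; // nothing supplied; both properties stay null
        }

        // Standard Apex String method; encodes <, >, &, " so the value is inert as HTML text.
        rawIdEncoded = raw.escapeHtml4();

        try {
            // Id.valueOf throws System.StringException unless the string is a
            // well-formed 15- or 18-character Salesforce Id, so markup cannot pass.
            Id candidate = Id.valueOf(raw);

            // Assumption: the page expects an Idea record. Reject Ids of other objects.
            if (candidate.getSObjectType() == Idea.SObjectType) {
                ideaId = candidate;
            }
        } catch (System.StringException e) {
            // Malformed Id: leave ideaId null and let the page show an error state.
        }
    }
}

// Page-side usage (Visualforce), matching the context the value is written into:
//   HTML body:        <apex:outputText value="{!ideaId}"/>   (escaped by default)
//   Inside a script:  var id = '{!JSENCODE(ideaId)}';
//   Raw merge field:  {!HTMLENCODE(ideaId)}
```

Do not apply both rawIdEncoded and HTMLENCODE to the same value in the page, or the output is double-encoded.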