Sign Up ›
  • Umesh Ramaswamy 29
  • NEWBIE
  • 0 Points
  • Member since 2020
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
    Questions
  • 1
    Replies
SOLVED
11 replies

Prevent XSS is Force.com Application

Greetings, I am working on the Prevent XSS in Force.Com Applications Trailhead, so far I've gotten most of the sections cleared. However, I seem to be stuck with this one. I've attempted many ways to assign JSENCODE, HTMLENCODE and JSINHTMLENCODE where needed but seem to stuck, are there any steps I should take here. My code's below. Hope it helps!
  
<apex:page controller="XSS_Mitigations_Challenge" sidebar="false" tabStyle="XSS_Mitigations_Challenge__tab">
<apex:sectionHeader title="XSS Mitigations Challenge" />
<apex:form >
    <apex:pageBlock >
        <apex:pageMessages />      
        <apex:pageBlockSection title="Demo" columns="1" id="tableBlock">
            <c:codeLink type="Visualforce" namespace="" edit="true" name="XSS_Mitigations_Challenge" description="Edit this Visualforce page to perform the challenge."/>
            
            
            <apex:outputText value="{!JSENCODE(sampleMergeField1)}"/>


            <apex:outputText value="{!HTMLENCODE(sampleMergeField2)}" escape="false"/>


            <apex:outputText >
                {!sampleMergeField3}
            </apex:outputText>
       
       
            <script>
                document.write('{!JSENCODE(sampleMergeField4)}');
            </script>
             
            
            {!sampleMergeField5}
            
            
            <script>
                var x = '{!JSENCODE(sampleMergeField6)}';
            </script>
            
            
            <apex:outputLabel value="{!sampleMergeField7}" escape="false"/>
                     

        </apex:pageBlockSection>
        <apex:pageBlockSection title="Code links" columns="1">
            <apex:outputPanel >
                <ul>
                    <li><c:codeLink type="Visualforce" namespace="" name="XSS_Mitigations_Challenge" description="Visualforce Page"/></li>            
                    <li><c:codeLink type="Apex" namespace="" name="XSS_Mitigations_Challenge" description="Apex Controller"/></li>
                </ul>
            </apex:outputPanel>        
        </apex:pageBlockSection>        
    </apex:pageBlock>          
</apex:form>              
</apex:page>