• rak1
  • NEWBIE
  • 5 Points
  • Member since 2014

  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 2
    Questions
  • 3
    Replies
I created a visualforce page, and i get some data(HTML) from webservice and store it in Custom Object as LongText, When i retrive it and display in my visual force page something like this
<apex:outputText value = "{!myobjdata}" escape=false/>
It works fine, But when i give my application for the review, Then the Security Scanner gives error with above line and SELECT query of my object  in class file (XSS_STORED)

Then I read about this XSS, and I added my data to visualforce page as below
<apex:outputText value = "{!HTMLENCODE(myobjdata)}" escape=false/>
But, now the data(HTML) in my object shows as it is like <div><ul>someinfo<li>point1</li><li>point2</li></ul></div> in my visualforce page
The HTML content is not rendered, How can i Overcome these issues (Mainly XSS)
Please help
  • March 07, 2015
  • Like
  • 0
Hi,
I have added oauth login to my application, i get access token after successful login...
I read in stackexchange that, we can also use access token as session id for the PHP Salesforce API
my code is as follows
           
            $location = $_SESSION['ws_endpoint'];
			$sessionId = $_SESSION['access_token'];
			
			// Process of logging on and getting a salesforce.com session
			$client = new SforcePartnerClient();
			$client->createConnection($wsdl);
			$client->setEndpoint($location);
			$client->setSessionHeader($sessionId);
			
			$service = new SoapClient($servicewsdl,array("trace" => 1, "soap_version" => SOAP_1_1));
			$sforce_header = new SoapHeader($_SESSION['ws_namespace'], "SessionHeader", array("sessionId" => $client->getSessionId()));
			$service->__setSoapHeaders(array($sforce_header));

$sessionId is accesstoken returned from oauth login redirect uri
it shows INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session
 
  • February 02, 2015
  • Like
  • 0
What's the best way to create a connection between Salesforce and SQL server database where our business rules reside to determine contract price and accessories related to product selected?
Hi,
I have added oauth login to my application, i get access token after successful login...
I read in stackexchange that, we can also use access token as session id for the PHP Salesforce API
my code is as follows
           
            $location = $_SESSION['ws_endpoint'];
			$sessionId = $_SESSION['access_token'];
			
			// Process of logging on and getting a salesforce.com session
			$client = new SforcePartnerClient();
			$client->createConnection($wsdl);
			$client->setEndpoint($location);
			$client->setSessionHeader($sessionId);
			
			$service = new SoapClient($servicewsdl,array("trace" => 1, "soap_version" => SOAP_1_1));
			$sforce_header = new SoapHeader($_SESSION['ws_namespace'], "SessionHeader", array("sessionId" => $client->getSessionId()));
			$service->__setSoapHeaders(array($sforce_header));

$sessionId is accesstoken returned from oauth login redirect uri
it shows INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session
 
  • February 02, 2015
  • Like
  • 0

Hi Everybody,

 

I have created a VF page ccontroller(i.e a Apex class) which is returning a String Variable containing some HTML content,

 

But when i am displaying that String variable in VF page , it is showing the output in different format.

 

Example--

 

Apex class Code

 

String HTMLContent='<b>Hello World</b>'

 

public String getContent(){

return HTMLContent;

}

 

VisualForce Page Code

 

{!Content}

 

It is showing the output like that  "<b>Hello World</b>" 

But i want to display the Hello World in bold letter(like html format)

 

When i am execute and view the Page output in FireBug, The String is like that

 

&lt;b&gt;Hello World&nbsp&lt;/b&gt;

 

 

I need help,

  • October 14, 2011
  • Like
  • 0