Cross site Scripting (XSS) attack

Hi All,

I'm getting Cross site Scripting (XSS) attack for the line strIdeaId = ApexPages.currentPage().getParameters().get('id'); Below is my code snippet. Please suggest me how to overcome this problem.
public with sharing class TestController {
String strIdeaId;
}
public TestController () {
strIdeaId = ApexPages.currentPage().getParameters().get('id');
}

January 27, 2016
·
Answer
·
Like
1
·
Follow
3

sharathchandra thukkani
How you came to know at that line you are facing? how you can check, in developer tools?

January 27, 2016
·
Like
0
·
Dislike
0

Ashlekh
Hi,

Here is a documention over this topic
https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_security_tips_xss.htm
https://developer.salesforce.com/page/Secure_Coding_Cross_Site_Scripting

-Thanks
Ashlekh Gera

January 27, 2016
·
Like
0
·
Dislike
0

VinodKR
Hi Hema,

Try this:

String sValue = ApexPages.currentPage().getParameters().get('id');
// the next line encodes the usertext similar to the VisualForce HTMLENCODE function but within an Apex class.
sValue = ESAPI.encoder().SFDC_HTMLENCODE(sValue);

Thanks,

Have a great day ahead,Let the Force be with you!
Please mark this as best answer if it helps you.

January 27, 2016
·
Like
1
·
Dislike
0

Hema Sudeepa
Hi ,

Thanks for your response

@Vinod I'm using the String in page side and I have used encoded method in page. It worked for me.

Thanks

January 27, 2016
·
Like
0
·
Dislike
0

You need to sign in to do that.

Need an account? Sign Up

Have an account? Sign In

Dismiss

Browse by Topic

Welcome to Support!

Show

sorted by

Cross site Scripting (XSS) attack

You need to sign in to do that.