[Salesforce]JSENCODE

JSENCODE

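Encodes text strings and merge field values for use in JavaScript by inserting an escape character, such as a backslash (\), before unsafe JavaScript characters, such as an apostrophe (').

When a request parameter such as retURL is written into a script block without encoding, a value containing a double quote closes the string literal and the rest of the value is parsed as code. In the output below, the JavaScript runs when the page loads and displays the alert.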

<script>var ret = "foo";alert('xss');//";</script>

In this case, use the JSENCODE function to prevent JavaScript from being executed.

Example:

<script>var ret = "{!JSENCODE($CurrentPage.parameters.retURL)}";</script>
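The difference between the two outputs above, as an added example that is not from the original post and is not Salesforce's JSENCODE implementation: jsEncodeSketch, renderScriptBody and run are hypothetical helpers, the escaped character set is an assumption (it also covers <, > and line terminators), and the retURL value is reconstructed from the output shown on the page.

```javascript
// Sketch of backslash-escaping for a value placed inside a JavaScript string
// literal. Assumption: the character set is illustrative only; this is not
// Salesforce's JSENCODE implementation.
function jsEncodeSketch(value) {
  return String(value).replace(/[\\'"\/<>\n\r\u2028\u2029]/g, (ch) => {
    switch (ch) {
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\u2028': return '\\u2028';
      case '\u2029': return '\\u2029';
      case '<': return '\\u003C'; // keeps "</script>" from ending the block
      case '>': return '\\u003E';
      default: return '\\' + ch;  // backslash, apostrophe, quote, slash
    }
  });
}

// Mimics the page's template: <script>var ret = "{!...retURL}";</script>
function renderScriptBody(value) {
  return 'var ret = "' + value + '";';
}

// Evaluates a script body with a stub alert() and reports what happened.
function run(scriptBody) {
  const alerts = [];
  const fn = new Function('alert', scriptBody + '\nreturn ret;');
  const ret = fn((msg) => alerts.push(msg));
  return { ret, alerts };
}

// Constructed sample: the decoded retURL value behind the page's first output.
const retURL = 'foo";alert(\'xss\');//';

// Without encoding, the quote in the value ends the string literal early.
const unencoded = run(renderScriptBody(retURL));
// With encoding, the whole value stays inside the string literal.
const encoded = run(renderScriptBody(jsEncodeSketch(retURL)));

console.log('unencoded:', renderScriptBody(retURL), unencoded);
console.log('encoded:  ', renderScriptBody(jsEncodeSketch(retURL)), encoded);
```

The encoded run returns the original value unchanged in ret and records no alert call, which is the property to check for when reviewing a merge field placed inside a script block.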

Posted by: kinkun
