O'Reilly logo

Visualforce Developer's Guide by W.A.Chamil Madusanka

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Cross-site scripting (XSS)

Cross-site scripting attacks web applications where there is malicious client-side scripting or HTML. If the web application includes a malicious script, then the attacker can use the web application as an intermediate layer and make the trusted user a victim of the attack. A cross-site scripting weakness occurs when dynamically-generated web pages display invalidated, unfiltered, and non-encoded user input, allowing an attacker to embed malicious scripts into the generated page. This can be leveraged to execute the scripting code as if it came from the site's server on to the computer of anyone who used the site.

The Force.com platform has several methods to protect from XSS attacks, which are as follows:

  • Unescaped output ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required