Failing to prevent the injection of JavaScript into data flows opens the possibility of cross-site scripting (XSS). It is beyond the scope of the connector to prevent this; however, developers are alerted to the dangers of embedded JavaScript and requested to use recognised tools like the Microsoft Anti-Cross Site Scripting Library. Using the Microsoft Anti-Cross Site Scripting Library, it is simple to ensure Salesforce- or Sitecore-bound data does not contain malicious characters.
...
```csharp
using Microsoft.Security.Application;

// Encode for usage in HTML
string safeHtml = AntiXss.HtmlEncode("evil string containing evil characters");

// Encode for usage in an HTML attribute
string safeAttribute = AntiXss.HtmlAttributeEncode("evil string containing evil characters");

// Encode for usage in JavaScript
string safeScript = AntiXss.JavaScriptEncode("evil string containing evil characters");

// HTML sanitization method to strip dangerous HTML scripts
string safeMarkup = AntiXss.GetSafeHtml("evil string containing evil characters");
```
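The encoder has to match the place where the value ends up in the page. The following is an added example, not code from the connector: it renders one record into markup and picks the encoder per output context. The `LeadCard` class, the field names and the sample record are assumptions made for illustration; the `AntiXss` calls are the ones shown above.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Security.Application; // Microsoft Anti-Cross Site Scripting Library

// Hypothetical helper: renders one record's fields into markup, choosing the
// encoder by the context each value lands in.
public static class LeadCard
{
    public static string Render(IDictionary<string, string> lead)
    {
        string name = Get(lead, "Name");
        string company = Get(lead, "Company");

        var html = new StringBuilder();
        // HTML attribute context: the value sits inside a quoted attribute.
        html.Append("<div class=\"lead\" title=\"")
            .Append(AntiXss.HtmlAttributeEncode(company))
            .Append("\">");
        // HTML element content context.
        html.Append("<h2>").Append(AntiXss.HtmlEncode(name)).Append("</h2>");
        // JavaScript string context: JavaScriptEncode returns the value
        // already wrapped in single quotes, so none are added here.
        html.Append("<script>var leadName = ")
            .Append(AntiXss.JavaScriptEncode(name))
            .Append(";</script>");
        html.Append("</div>");
        return html.ToString();
    }

    // Missing or null fields are rendered as empty strings.
    private static string Get(IDictionary<string, string> record, string key)
    {
        string value;
        return record.TryGetValue(key, out value) && value != null ? value : string.Empty;
    }

    public static void Main()
    {
        // Constructed sample record; not real Salesforce or Sitecore data.
        var lead = new Dictionary<string, string>
        {
            { "Name", "O'Brien <b>& Co</b>" },
            { "Company", "Acme \"Widgets\" & Sons" }
        };
        Console.WriteLine(Render(lead));
    }
}
```

Encode at the point of output rather than when the record is stored or synchronised, so the same field can be rendered safely in more than one context.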