What is a best practice when passing query parameters from user interface to an apex controller?

What is a best practice when passing query parameters from user interface to an apex controller?
A . Query parameters should be properly sanitized by using JSINHTMLENCODE within the VisualForce
Page or Component.

B . String parameters should be trimmed using String.trim().
C . Query parameters should be passed only to Salesforce B2B Commerce classes that you are extending.
D . Query parameters should be stored on a backbone model prior to passing them to the server

Answer: A

Explanation:

A best practice when passing query parameters from user interface to an apex controller is to query parameters should be properly sanitized by using JSINHTMLENCODE within the VisualForce Page or Component. This function will encode any special characters in the query parameters to prevent cross-site scripting (XSS) attacks or SOQL injection attacks. For example, ccrz.ccRemoteActions.getProducts(‘{!JSINHTMLENCODE(searchTerm)}’) will encode the searchTerm parameter before passing it to the apex controller.

Reference: B2B Commerce and D2C Commerce Developer Guide, Security

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments