What is a best practice when passing query parameters from user interface to an apex controller?
What is a best practice when passing query parameters from user interface to an apex controller?
A . Query parameters should be properly sanitized by using JSINHTMLENCODE within the VisualForce Page or Component.
B . String parameters should be trimmed using String.trim().
C . Query parameters should be passed only to Salesforce B2B Commerce classes that you are extending.
D . Query parameters should be stored on a backbone model prior to passing them to the server
Answer: A
Explanation:
A best practice when passing query parameters from user interface to an apex controller is to query parameters should be properly sanitized by using JSINHTMLENCODE within the VisualForce Page or Component. This function will encode any special characters in the query parameters to prevent cross-site scripting (XSS) attacks or SOQL injection attacks.
For example, ccrz.ccRemoteActions.getProducts(‘{!JSINHTMLENCODE(searchTerm)}’) will encode the searchTerm parameter before passing it to the apex controller.
Salesforce Reference: B2B Commerce and D2C Commerce Developer Guide, Security
Latest B2B Commerce Developer Dumps Valid Version with 79 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund