A developer has an Apex controller for a Visualforce page that takes an ID as a URL parameter. How should the developer prevent a cross-site scripting vulnerability?
A. ApexPages.currentPage().getParameters().get('url_param')
B. String.escapeSingleQuotes(ApexPages.currentPage().getParameters().get('url_param'))
C. String.ValueOf(ApexPages.currentPage().getParameters().get('url_param'))
D. ApexPages.currentPage().getParameters().get('url_param').escapeHtml4()
Both B and D do some kind of sanitization to the string, but D seems to be more complete, as it transforms ALL special characters (not only single quotes) to HTML4 entities.
I think 'B' is the right answer; please correct me if it's not right.
upvoted 3 times
noox, Highly Voted, 1 year ago
lmeloni91, Most Recent, 7 months, 3 weeks ago
illyaOsiyuk, 1 year, 1 month ago
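Added example, not part of the original question or comments: a controller and test that run the calls from options B and D on the same constructed input. String.escapeSingleQuotes only puts a backslash before single quotes, while escapeHtml4() replaces HTML markup characters with entities. The class names, method names and page path are hypothetical, and the ID check is an extra step assumed from the question's statement that the parameter is an ID.

```apex
public with sharing class UrlParamDemoController {
    // Hypothetical helper: read the raw parameter named in the question.
    private static String rawParam() {
        return ApexPages.currentPage().getParameters().get('url_param');
    }

    // Option D: HTML-encode the value before it is written into the page.
    public String getEncodedParam() {
        String raw = rawParam();
        return raw == null ? '' : raw.escapeHtml4();
    }

    // Assumed extra check: the value should be a record ID, so reject anything else.
    public Id getRecordId() {
        String raw = rawParam();
        if (String.isBlank(raw)) {
            return null;
        }
        try {
            return Id.valueOf(raw);
        } catch (StringException e) {
            return null; // not a well-formed ID
        }
    }
}

@IsTest
private class UrlParamDemoControllerTest {
    @IsTest
    static void comparesOptionBAndOptionD() {
        // Constructed sample value carrying markup
        String markup = '<script>alert(1)</script>';

        // Option B leaves the markup untouched; it only escapes single quotes.
        System.assertEquals(markup, String.escapeSingleQuotes(markup));
        System.assertEquals('it\\\'s', String.escapeSingleQuotes('it\'s'));

        // Option D turns the angle brackets into entities.
        System.assertEquals('&lt;script&gt;alert(1)&lt;/script&gt;', markup.escapeHtml4());

        // Same value arriving through the URL parameter (hypothetical page path).
        PageReference pr = new PageReference('/apex/demoPage');
        pr.getParameters().put('url_param', markup);
        Test.setCurrentPage(pr);
        UrlParamDemoController c = new UrlParamDemoController();
        System.assertEquals('&lt;script&gt;alert(1)&lt;/script&gt;', c.getEncodedParam());
        System.assertEquals(null, c.getRecordId());
    }
}
```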