Pass4Success - Free Preparation Discussions

Salesforce Certified B2C Commerce Architect (Arch-303) Exam - Topic 1 Question 74 Discussion

A developer is checking for Cross Site Scripting (XSS) and found that the quick search is not escaped (allows inclusion of JavaScript) in the following script:

How would the developer resolve this issue?

A) Replace ' with double quote "
B) Use <isprint value="${searchPhrase}" encoding="jshtml" />
C) Use <isprint value="${searchPhrase}" encoding="jsblock" />
D) Use <isprint value="${searchPhrase}" />

Suggested Answer: B

Answer B. The quick-search phrase is written into an inline <script> block as a JavaScript string literal, so it has to be encoded for the JavaScript-in-HTML context. That is what <isprint value="${searchPhrase}" encoding="jshtml" /> does: the 'jshtml' option maps to dw.util.SecureEncoder.forJavaScriptInHTML(), which escapes quotes, backslashes, line terminators and the characters <, >, / and &. A phrase such as ';alert(1);// can then no longer terminate the string literal, and a phrase containing </script> can no longer close the script block, while the browser still decodes the literal back to the original text. The other options do not fix the problem. Swapping single quotes for double quotes (A) only changes which character the attacker has to supply. <isprint> with no encoding attribute (D) applies the default HTML-content encoding, which is meant for text between tags and does not neutralize the quote and backslash characters that matter inside a script. encoding="jsblock" (C) is the narrower encoder for a string inside a script block only and is not safe in an HTML event-handler attribute; 'jshtml' covers both placements, which is why it is the expected answer. Two things to check when applying the fix: the quotes around the literal must stay in the template, because the encoder does not add them, and every other place the phrase is output must use the encoding for its own context (for example encoding="jsattribute" inside an onclick attribute, or the default HTML encoding between tags).
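As an added example (not part of the exam question, the site's answer or Salesforce's own code), the following JavaScript shows the failure mode and the fix side by side. It assumes the quick-search script has the shape <script>var searchPhrase = '...';</script>, which is not visible on this page, and encodeForJavaScriptInHtml() is an approximation written for this example of what encoding="jshtml" (dw.util.SecureEncoder.forJavaScriptInHTML) does, not Salesforce's implementation.

```javascript
// Added example (not code from the exam page or from Salesforce): shows why a
// value dropped into an inline <script> must be encoded for the
// JavaScript-in-HTML context, which is what answer B, <isprint ...
// encoding="jshtml" />, does in ISML. encodeForJavaScriptInHtml() is a
// stand-in written for this illustration; it is NOT dw.util.SecureEncoder,
// only an approximation of the forJavaScriptInHTML() behaviour. The template
// shape "<script>var searchPhrase = '...';</script>" is ASSUMED, since the
// screenshot of the actual quick-search script is not on the page.

// Vulnerable rendering: the raw search phrase is concatenated into a JavaScript
// string literal, so whatever the user typed becomes part of the script.
function renderVulnerable(searchPhrase) {
  return "<script>var searchPhrase = '" + searchPhrase + "';</script>";
}

// Conservative JavaScript-in-HTML encoder: every character that is not a
// letter, digit or space becomes a \xHH (or \uHHHH) escape. The browser's
// JavaScript parser decodes the literal back to the original text, but the
// emitted markup never contains quotes, backslashes, line terminators, '<',
// '/', '>' or '&', so the value can neither end the string literal nor close
// the <script> block.
function encodeForJavaScriptInHtml(value) {
  let out = "";
  for (const ch of String(value)) {
    const cp = ch.codePointAt(0);
    if (/^[A-Za-z0-9 ]$/.test(ch)) {
      out += ch;
    } else if (cp < 0x100) {
      out += "\\x" + cp.toString(16).padStart(2, "0");
    } else {
      // Basic-plane and astral characters: one \uHHHH per UTF-16 code unit.
      for (let i = 0; i < ch.length; i++) {
        out += "\\u" + ch.charCodeAt(i).toString(16).padStart(4, "0");
      }
    }
  }
  return out;
}

// Hardened rendering: same template, value encoded for its context. Note the
// surrounding quotes stay in the template; the encoder does not add them.
function renderHardened(searchPhrase) {
  return "<script>var searchPhrase = '" +
    encodeForJavaScriptInHtml(searchPhrase) + "';</script>";
}

// Stand-in for the browser's JavaScript parser: evaluates the encoded literal
// to confirm the page still receives the original search phrase. Safe here
// because the encoded text contains no quote or backslash other than the
// \x / \u escapes the encoder itself produced.
function decodeLiteral(encoded) {
  return new Function("return '" + encoded + "';")();
}

// Constructed attack inputs for the demo (not captured from a real storefront).
const STRING_BREAKOUT = "';alert(1);//";                   // ends the string literal
const TAG_BREAKOUT = "</script><script>alert(1)</script>"; // ends the script block

// True when the markup still carries a live payload: a second <script> tag,
// or an unescaped quote followed by a statement after the literal.
function containsBreakout(markup) {
  return markup.split("<script>").length > 2 || markup.includes("';alert");
}

for (const input of [STRING_BREAKOUT, TAG_BREAKOUT, "red shoes"]) {
  console.log("input     :", JSON.stringify(input));
  console.log("vulnerable:", renderVulnerable(input),
    containsBreakout(renderVulnerable(input)) ? "-> BREAKOUT" : "-> ok");
  console.log("hardened  :", renderHardened(input),
    containsBreakout(renderHardened(input)) ? "-> BREAKOUT" : "-> ok");
  console.log("decoded   :", JSON.stringify(decodeLiteral(encodeForJavaScriptInHtml(input))));
}
```

Run it with node. The encoder is deliberately more aggressive than a production one (it escapes every non-alphanumeric character), which keeps the safety argument short: nothing that can close a string literal or a script tag survives, and the decoded value is unchanged. In a real cartridge you would not ship your own encoder; the point is to see why the template needs <isprint ... encoding="jshtml" /> rather than the default HTML encoding or a quote swap.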


Contribute your Thoughts:

Lemuel
24 days ago
Wait, are we really trusting user input at all?
upvoted 0 times
...
Jade
29 days ago
I think C is better, it looks more secure to me.
upvoted 0 times
...
Lawrence
1 month ago
Option B seems like the safest choice for XSS prevention.
upvoted 0 times
...
Noah
1 month ago
C looks good, but I wonder if it covers all cases.
upvoted 0 times
...
Melvin
1 month ago
I disagree, A won't fix the escaping issue properly.
upvoted 0 times
...
Rolland
2 months ago
Wait, are we really allowing JavaScript in the search? That's risky!
upvoted 0 times
...
Amie
2 months ago
I think D is a solid option too, but not sure if it's the best.
upvoted 0 times
...
Glory
2 months ago
Option B seems like the best choice for XSS protection.
upvoted 0 times
...
Chaya
2 months ago
I recall that using is generally a good practice for escaping, but I can't remember if it's the right choice here.
upvoted 0 times
...
Wynell
2 months ago
I'm a bit confused about the difference between 'jshtml' and 'jsblock'—I feel like I need to review those examples again.
upvoted 0 times
...
Nieves
3 months ago
I think option C sounds familiar; it might be the one we practiced that uses 'jsblock' encoding.
upvoted 0 times
...
Vallie
3 months ago
I remember we discussed XSS prevention techniques, but I'm not entirely sure which encoding method is the best for this case.
upvoted 0 times
...
