Salesforce Exam Salesforce Certified B2C Commerce Architect (Arch-303) Topic 2 Question 67 Discussion

Actual exam question for Salesforce's Salesforce Certified B2C Commerce Architect (Arch-303) exam

Question #: 67
Topic #: 2

[All Salesforce Certified B2C Commerce Architect (Arch-303) Questions]

A developer is checking for Cross Site Scripting (XSS) and found that the quick search is not escaped (allows inclusion of Javascript) in the following script:

How would the developer resolve this issue?

AReplace 'with double Quote*

BUse <isprint value='${searchPhrase}* encoding-'jshtmr />

CUse <isprint value='${searchPhrase} encoding-'jsblock' />

DUse <toprint value='${searchPhrase}' />

Show Suggested Answer

Suggested Answer: B

To resolve the issue of Cross Site Scripting (XSS) where the quick search is not escaped, the developer should use the <isprint> tag with the 'jshtml' encoding option (Answer B). This method ensures that any JavaScript included in the search phrase is properly escaped, preventing the execution of potentially malicious scripts. The 'jshtml' encoding is specifically designed to encode text for HTML contexts where JavaScript is embedded, providing a secure way to handle user input in Salesforce B2C Commerce.

by Adela at Aug 02, 2025, 01:43 PM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified B2C Commerce Architect (Arch-303) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!