Salesforce Certified B2C Commerce Architect (Arch-303) Exam - Topic 1 Question 74 Discussion

Actual exam question for Salesforce's Salesforce Certified B2C Commerce Architect (Arch-303) exam

Question #: 74
Topic #: 1

[All Salesforce Certified B2C Commerce Architect (Arch-303) Questions]

A developer is checking for Cross Site Scripting (XSS) and found that the quick search is not escaped (allows inclusion of Javascript) in the following script:

How would the developer resolve this issue?

AReplace 'with double Quote*

BUse <isprint value='${searchPhrase}* encoding-'jshtmr />

CUse <isprint value='${searchPhrase} encoding-'jsblock' />

DUse <toprint value='${searchPhrase}' />

Show Suggested Answer

Suggested Answer: B

To resolve the issue of Cross Site Scripting (XSS) where the quick search is not escaped, the developer should use the <isprint> tag with the 'jshtml' encoding option (Answer B). This method ensures that any JavaScript included in the search phrase is properly escaped, preventing the execution of potentially malicious scripts. The 'jshtml' encoding is specifically designed to encode text for HTML contexts where JavaScript is embedded, providing a secure way to handle user input in Salesforce B2C Commerce.

by Halina at Mar 05, 2026, 08:27 AM

Limited Time Offer

25%

1 month ago

I remember we discussed XSS prevention techniques, but I'm not entirely sure which encoding method is the best for this case.

upvoted 0 times

...