Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce DEX-450 Exam - Topic 6 Question 34 Discussion

A developer has a Apex controller for a Visualforce page that takes an ID as a URL parameter. How should the developer prevent a cross site scripting vulnerability?
B) ApexPages.currentPage() .getParameters() .get('url_param') .escapeHtml4()
A) ApexPages.currentPage() .getParameters() .get('url_param')
C) String.ValueOf(ApexPages.currentPage() .getParameters() .get('url_param'))
D) String.escapeSingleQuotes(ApexPages.currentPage() .getParameters(). get('url_param'))

Salesforce DEX-450 Exam - Topic 6 Question 34 Discussion

Actual exam question for Salesforce's DEX-450 exam
Question #: 34
Topic #: 6
[All DEX-450 Questions]

A developer has a Apex controller for a Visualforce page that takes an ID as a URL parameter. How should the developer prevent a cross site scripting vulnerability?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Kirk at May 05, 2022, 11:33 PM

Limited Time Offer

25%

Off

Get Premium DEX-450 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Paris
7 months ago
Isn't escaping single quotes enough? Seems risky.
upvoted 0 times
...
Vanda
7 months ago
I disagree, option D doesn't cover all cases.
upvoted 0 times
...
Shawana
7 months ago
Surprised that people still overlook XSS vulnerabilities!
upvoted 0 times
...
Rodolfo
8 months ago
I think option A is fine too, but not safe enough.
upvoted 0 times
...
Demetra
8 months ago
Option B is definitely the way to go!
upvoted 0 times
...
Lashaun
8 months ago
I’m a bit confused about the difference between escapeHtml4() and escapeSingleQuotes. Would both help prevent XSS?
upvoted 0 times
...
Marg
8 months ago
I think we had a similar question in our practice exam, and I believe using escapeHtml4() was emphasized as a best practice.
upvoted 0 times
...
Royal
8 months ago
I'm not entirely sure, but I feel like just getting the parameter without any escaping could leave us open to attacks.
upvoted 0 times
...
Corinne
8 months ago
I remember we talked about escaping HTML to prevent XSS vulnerabilities, so I think option B might be the right choice.
upvoted 0 times
...
Marylyn
8 months ago
This seems like a tricky question. I'll need to think through the requirements carefully to determine the best strategy.
upvoted 0 times
...
Elroy
8 months ago
This seems like a straightforward question about how to handle on-site sales and installations in the Field Service mobile app. I think I have a good understanding of the options presented.
upvoted 0 times
...
Vernice
8 months ago
HIPAA, got it. That's the key law that sets the standards for protecting patient information in hospitals and other healthcare settings.
upvoted 0 times
...
Essie
8 months ago
This question seems straightforward. I'll carefully read through the criteria and select the ones that best match the definition of a CMS.
upvoted 0 times
...
Ashley
8 months ago
This is a good question to test our knowledge of Decision Center security. I'll draw on my experience configuring Decision Center to identify the most appropriate set of roles listed in the options.
upvoted 0 times
...
France
8 months ago
This seems straightforward enough. I'll just need to do the math step-by-step to find the sales figure that would result in a $200,000 profit, given the breakeven point and fixed costs.
upvoted 0 times
...

Save Cancel