Recent Comments (The most recent comments are at the top.)
Correct answer is C!
To prevent cross-site scripting (XSS) attacks in an Apex controller for a Visualforce site that takes an ID as a URL parameter, the developer should use a method that protects the input from potential XSS attacks.
The best option is:
C. ApexPages.currentPage().getParameters().get('url_param').escapeHtml4()
Justification:
The escapeHtml4() method ensures that special characters in the URL parameter (such as '<', '>', '&') are properly encoded, preventing them from being interpreted as HTML or JavaScript code. This is the safest way to protect your input from XSS attacks.
Other options:
A. String.ValueOf(ApexPages.currentPage().getParameters().get('url_param')): This option simply converts the parameter to a string, but does not protect against XSS.
B. String.escapeSingleQuotes(ApexPages.currentPage().getParameters().get('url_param')): The escapeSingleQuotes method only protects against SQL injections by escaping single quotes, but does not protect against XSS.
D. ApexPages.currentPage().getParameters().get('url_param'): This option offers no protection against XSS and simply retrieves the value of the URL parameter....
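The calls discussed in the comment above, placed in a Visualforce controller as an added example (not part of the comment or of the exam material). The class name, property names and the compare helper are hypothetical; because the parameter is meant to be an ID, the sketch also validates it as one.

```apex
// Added example: hypothetical controller; names are assumptions, not from the page.
public with sharing class RecordLookupController {
    // Values the page may render: HTML-encoded text and a validated ID.
    public String safeParam { get; private set; }
    public Id recordId { get; private set; }

    public RecordLookupController() {
        String raw = ApexPages.currentPage().getParameters().get('url_param');
        if (String.isBlank(raw)) {
            safeParam = '';
            return;
        }
        // HTML-encode before the value can reach markup:
        // characters such as < > & " become entities.
        safeParam = raw.escapeHtml4();

        // The parameter is expected to be an ID, so reject anything else.
        try {
            recordId = Id.valueOf(raw);
        } catch (StringException e) {
            recordId = null;
            // Only the encoded form is echoed back to the user.
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Invalid record ID: ' + safeParam));
        }
    }

    // Returns what each call named in the answer options produces for the
    // same input, so the results can be compared in a unit test or in
    // anonymous Apex with a constructed string.
    public static Map<String, String> compare(String raw) {
        return new Map<String, String>{
            'valueOf' => String.valueOf(raw),                       // unchanged text
            'escapeSingleQuotes' => String.escapeSingleQuotes(raw), // backslash before '
            'escapeHtml4' => raw.escapeHtml4()                      // HTML entities
        };
    }
}
```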
Correct answer is B