Hello, 

I included the tag "<strong>" in my role and I was successful in the final result, but Service Studio presents this alert and I don't know what the best way to correct it is:

"Ensure the expression is protected by using EncodeHTML(), EncodeJavascript(), or SanitizeHtml() from the Sanitization extension, to avoid security flaws."

Can someone let me know what the better way to do this is?

Best Regards, 

Jessica Marques. 



Hi,

Why not have 4 different expressions for each particular set & apply style to them?

And then you keep all the expressions under the same container to render in a similar style.


This way you don't need to go via having HTML in the expression.


Hope it helps,

Assif

Solution

Hi Jessica,


In order to resolve these warnings you should use the expressions (not the literal text) inside EncodeHTML(), in your case EncodeHTML(BookTable.List.Current.Book.Author) and the other fields.


Cheers,

João Marques

Solution

João Marques wrote:

Hi Jessica,


In order to resolve these warnings you should use the expressions (not the literal text) inside EncodeHTML(), in your case EncodeHTML(BookTable.List.Current.Book.Author) and the other fields.


Cheers,

João Marques

I was trying to insert the tag "<strong>" in the expression EncodeHtml().

But now I did it the way you explained and it worked perfectly.

"Autor <strong>" + EncodeHtml(BookTable.List.Current.Book.Author)  + "</strong> pela editora  " + "<strong>"+ EncodeHtml(GetBooksWithOrWithoutPublishers.List.Current.Publisher.Name )+ " </strong> | " + BookTable.List.Current.Book.Year

Thank you for your help.

Cheers, 

Jessica Marques. 
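The difference between the two attempts described in this thread, as an added JavaScript sketch (not code from the thread or from OutSystems): `encodeHtml` is a hand-written stand-in for an HTML-encoding function, and the book record and helper names are constructed for illustration.

```javascript
// Stand-in for an HTML-encoding function such as EncodeHtml(); written for
// this example, it is not OutSystems' implementation.
function encodeHtml(value) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Constructed sample record: the text fields contain markup characters.
const book = { author: "Ana <em>Silva</em> & Filhos", publisher: 'Editora "Sol"', year: 2019 };

// What the warning is about: field values are concatenated into markup as-is,
// so any tag stored in the data is parsed by the browser.
function renderUnencoded(b) {
  return "Autor <strong>" + b.author + "</strong> pela editora <strong>" +
    b.publisher + "</strong> | " + b.year;
}

// First attempt in the thread: the literal <strong> tags are inside the
// encoding call, so they are escaped too and show up as visible text.
function renderWholeStringEncoded(b) {
  return encodeHtml("Autor <strong>" + b.author + "</strong> pela editora <strong>" +
    b.publisher + "</strong> | " + b.year);
}

// Accepted answer: only the dynamic fields are encoded, the literal tags stay.
// year is assumed to be an integer, so it cannot carry markup.
function renderFieldsEncoded(b) {
  return "Autor <strong>" + encodeHtml(b.author) + "</strong> pela editora <strong>" +
    encodeHtml(b.publisher) + "</strong> | " + b.year;
}

// Names of the opening tags a browser would still parse as elements.
function openingTags(html) {
  return [...html.matchAll(/<([a-z][a-z0-9]*)[^>]*>/gi)].map((m) => m[1].toLowerCase());
}

console.log(openingTags(renderUnencoded(book)));          // data-supplied <em> gets through
console.log(openingTags(renderWholeStringEncoded(book))); // no formatting left at all
console.log(openingTags(renderFieldsEncoded(book)));      // only the two literal <strong> tags
```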

 

assif_tiger wrote:

Hi,

Why not have 4 different expressions for each particular set & apply style to them?

And then you keep all the expressions under the same container to render in a similar style.


This way you don't need to go via having HTML in the expression.


Hope it helps,

Assif

Hi,  

Well, this is how I usually do it. But I would like to try within the same expression, as a way of learning.

Regards, 

Jessica.