[Deeplink Redirect Web] How to ensure expression is protected by using EncodeJavaScript() or EncodeHtml()
Forge component by Jordy Heijnen
Application Type
Traditional Web

Hey all,

I'm using this deeplink component for redirection. The web block for Traditional Web has this expression with JavaScript:

"<script type='text/javascript'>

    // Setting the regular scheme-based URL to open the app 
    var custom = '" + ToLower(AppIdentifier) + "://" + AppModule + "/" + Screen + If(Parameters = "","","?" + Parameters) + "';

    // Creating an intent as per https://developer.chrome.com/multidevice/android/intents , with a fallback URL
    var g_intent = 'intent://" + AppModule + "/" + Screen + If(Parameters = "","","?" + Parameters) + 
    "#Intent;scheme=" + ToLower(AppIdentifier) + ";package=" + ToLower(AppIdentifier) + ";S.browser_fallback_url="+ FallbackURL +";end';

    // set the correct iOS App Store and Android Play Store URLs for manual redirect     
    var appstore = '" + AppStoreURL + "';
    var playstore = '" + PlayStoreURL + "';
    var fallbackurl = '" + FallbackURL + "';

    // Force the use of intents for all browsers on Android (useful if you have uppercase letters in the app identifiers)
    var forceintent = " + If(Site.Android_ForceIntentURI,"true","false") + ";

    var heartbeat;
    var iframe_timer;
    var timer;

    detectMobileOrDesktop();
    //function above has replaced : launch_app_or_alt_url($(this));

</script>"

I'm getting a warning to use EncodeJavaScript() or EncodeHtml(). How do I do that without affecting the code execution?

Thanks & Regards

Hi Kanishaka,

I have used the SanitizeHtml() function to remove the warnings. Just include your script in the SanitizeHtml() action and see whether the warnings are removed or not.

Regards,

Komal

Hi Komal,

It did remove the warning, but the code did not execute.

Hi Kanishka,

You can use the EncodeJavaScript() function,
e.g.

var appstore = '" + EncodeJavaScript(AppStoreURL) + "';

You can also refer to this link:
https://success.outsystems.com/Documentation/11/Reference/Errors_and_Warnings/Warnings/HTML_Injection_Warning

Regards,
Sharad Pawar
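
What encoding a single value into a JavaScript string literal does, as an added example that is not part of the original thread or the Forge component: `encodeJsString` is a hypothetical stand-in for a JavaScript-string encoder (not OutSystems' implementation), and all sample values are constructed. Only the interpolated value is encoded; the script text around it is left untouched, so the script still runs.

```javascript
// Added illustration; hypothetical helper names, constructed sample values.

// Escape every character except ASCII letters and digits as \uXXXX, so the
// value cannot close the quote, break the line, or spell "</script>" in HTML.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// The line from the thread, built without and with per-value encoding.
function naiveLine(appStoreUrl) {
  return "var appstore = '" + appStoreUrl + "';";
}
function encodedLine(appStoreUrl) {
  return "var appstore = '" + encodeJsString(appStoreUrl) + "';";
}

// Run one generated line and report what ended up in `appstore`, and whether
// the value managed to execute a statement of its own (sandbox.flag set).
function run(line) {
  const sandbox = { flag: false };
  const fn = new Function("sandbox", line + "\nreturn appstore;");
  return { value: fn(sandbox), injected: sandbox.flag };
}

// Constructed inputs: an ordinary store URL and a value containing a quote.
const normalUrl = "https://apps.example.com/app/id123?mt=8&x=1";
const quoteValue = "x';sandbox.flag=true;var y='";

function demo() {
  return {
    normalEncoded: run(encodedLine(normalUrl)),  // value unchanged at runtime
    quoteNaive: run(naiveLine(quoteValue)),      // quote ends the literal early
    quoteEncoded: run(encodedLine(quoteValue)),  // value stays plain data
  };
}

console.log(demo());
```

At runtime the JavaScript engine decodes the `\uXXXX` escapes, so the variable holds the original value and the rest of the script behaves as before.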

Hey, I did do the same as above for the JavaScript literals, but it did not remove the warning.
