Skip to content

Dave Helgerson

Salesforce Software Development and Consulting

Menu
  • Contact
  • Resume
Menu

HTML Line Breaks in Visualforce using Escape=false with Encoding

February 12, 2015February 12, 2015

Using a Visualforce tag with the escape=off option may help send an html tag like a line break to the page. However, escape=off can open cross-site scripting vulnerabilities. Visualforce encoding functions HTMLENCODE, JSENCODE, JSINHTMLENCODE, and URLENCODE help avoid the vulnerabilities, but they also prevent \n new line characters and html tags from showing on the page.

I wanted an html line break <br /> to show on a page, but the JSENCODE function changes brackets into unicode \uC003C and \u003e equivalents. If you’re only expecting line breaks, one way around this is to wrap the SUBSTITUE function around the JSENCODE.

// in a VF tag


// out of a VF tag
{!SUBSTITUTE(JSENCODE(myVariable1), '\\u003Cbr /\\u003E', '
'))}

Related

1 thought on “HTML Line Breaks in Visualforce using Escape=false with Encoding”

  1. Karthi Xavi says:
    August 30, 2016 at 8:37 am

    Great..!,Worked like a charm, Thanks

Comments are closed.

Super Clone Pro
© 2023 Dave Helgerson | Powered by Minimalist Blog WordPress Theme