Question 1

How do I validate a credit card number in Apex with ESAPI?

Accepted Answer

Use ESAPI.validator().getValidCreditCard(input, false) for exception-based validation or isValidCreditCard() for boolean checks, as shown in the README. This ensures server-side validation to prevent injection attacks in Salesforce custom code.

Question 2

What's the difference between ESAPI and Salesforce's native Visualforce encoding functions?

Accepted Answer

ESAPI provides encoding functions like SFDC_HTMLENCODE within Apex classes, allowing programmatic control, while native functions are limited to Visualforce markup. ESAPI integrates encoding into business logic for more flexible security handling, as highlighted in the output encoding example.

Question 3

How to enforce CRUD permissions in Apex using ESAPI?

Accepted Answer

Call ESAPI.accessController().updateAsUser(sObject, fields) to perform updates in user context, enforcing CRUD and FLS. Wrap it in a try-catch block to handle SFDCAccessControlException, as demonstrated in the access control section of the README.

Question 4

Is Force.com ESAPI compatible with Salesforce DX?

Accepted Answer

Yes, ESAPI can be deployed to Salesforce orgs managed with Salesforce DX by uploading the classes or using the provided one-click deployment link. However, it's not natively integrated into DX workflows, requiring manual steps for setup and updates.

Question 5

Force.com ESAPI vs writing custom validation code – which is better?

Accepted Answer

ESAPI offers a standardized, tested approach to security, reducing manual errors and ensuring compliance with best practices. Custom code might offer more flexibility but can introduce vulnerabilities, so ESAPI is recommended for team-based or regulated environments.

Question 6

How to handle access control violations in ESAPI?

Accepted Answer

Catch SFDCAccessControlException in try-catch blocks after access controller calls, then use e.getMessage() or specific methods like getExceptionType() to log or display secure error messages, as shown in the README example for detailed exception handling.

Force.com ESAPI

What is Force.com ESAPI?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions