Things to keep in mind while developing the Salesforce App-exchange Application

In this post, I will discuss what are the important parameters that need to be taken care while developing the App-Exchange Application using Salesforce. Before we dive into the concepts I would like to tell you that after developing the application, every application goes with the below security checks

  1. Checkmarx: – It is a free tool available to scan the Complete Code that is in your org where development has been done.
  2. Security Review: – The second step after submitting the code to the checkmarx and resolving all the issues is to Submit the package for the security review where salesforce representatives check the Quality of the code and functionality as well.

So, In order to develop the application which is secure and minimize the risk of data compromise or any other confidential information a developer must need to keep the following points into the mind while developing the application

1Cross-Site Scripting 
2S(O)QL Injection 
3Cross Site Request Forgery 
4Secure Communications and Cookies 
5Storing Secrets 
6Arbitrary Redirects 
7Access Control 
8Lightning Security Best Practices 
9Marketing Cloud App Security
10Secure PostMessage
11Secure WebSockets

Here is a Link to Trailhead module which explains everything about secure coding guidelines with the practical example

Resources: – 

  1. Salesforce Document
  2. Salesforce Security Guide
  3. An Overview of Security

URLFOR Function Explained – Salesforce

URLFOR Returns a relative URL for an action, s-control, Visualforce page, or a file in a static resource archive in a Visualforce page.
This can be used to return a reference to a file contained in a static resource archive (such as a .zip or .jar file). Below is the Syntax Overview of URL for function

{!URLFOR(target, [id], [inputs], [no override])} 

Below is the description of all the attributes in detail:

Target: Action, or any static resource for image or Javascript.

Id : Name that is Of String or record ID (depends on the “target”).

parameters: Additional parameters passed. Format: [parameters1=”value1″, parameters2=”value2″, parameters3 = value3]

no override: A Boolean flag. Set to true if to display a standard Salesforce page     regardless of whether you have defined an override for it (default false)  [nooverride=1] OR [nooverride=0] OR [nooverride=true] OR [nooverride=false]

The input values can be dynamic. For example, to include an account ID, specify:
{!URLFOR($Page.myVisualforcePage, null, [accountId=Account.Id])}

Edit – URLFOR($Action.Account.Edit, Account.Id, [nooverride=1])

View – URLFOR($Action.Account.View, Account.Id)

New  – URLFOR($Action.Account.New)

Delete – URLFOR($Action.Account.Delete, Account.Id)

List View – URLFOR($Action.Account.Tab,$ObjectType.Account)

Image – <apex:image url=”{!URLFOR($Resource.redflag)}” height=”50″ width=”50″ />

Note: – Some Object may have different OR more action for those Object you can find using.

Standard Object 

Setup -> Customize -> Object Name -> Button Links and Action 

Custom Object

Setup -> Create -> Objects -> Find Your Object -> Button Links and Actions

In General You can use the below Syntax $Action.sObjectType.Name

$Action – Defined the action

sObjectType – API name of the Salesforce Object

Name – Name of the Action that may be Edit, New, Edit and Delete, etc..


Here is a sample VF page for account Object, to see preview of the VF page append record Id of account Object into the URL like below in Red Color


Happy Learning 🙂 😉

Automatic style your VF into Lightning Experience – lightningStylesheets

After winter 18 release, you do not need to put external CSS into your VF page to make lightning ready. You can do this by following only three simple steps, Yes it is 100% right.

Salesforce has released a brand new tag lightningStylesheets which enable automatic style sheets to VF page to run into Lightning Environment.

You can put true or false as the value of the lightningStylesheets tag in apex page.


Follow three simple steps to make your VF page as lightning ready

  1. Make sure to check Available for Lightning Experience, Salesforce1, and Lightning Communities checkbox while developing VF page.
  2. Put lightningStylesheets=”true” syntax into page Tag.
  3. Put  tag on the top of the page.

VF page

Here is the code of VF page that I used for testing purpose.

<apex:page standardController=”Opportunity” tabStyle=”Opportunity” lightningStylesheets=”true” >
<apex:slds />
<apex:form >
<apex:pageBlock >
<apex:pageBlockSection columns=”2″>
<apex:inputField value=”{!Opportunity.Name}” />
<apex:inputField value=”{!Opportunity.StageName }” /> <br/>
<apex:inputField value=”{!Opportunity.CloseDate}” />
<apex:pageBlockButtons location=”bottom”>
<apex:commandButton action=”{!save}” value=”Save”/>
<apex:commandButton action=”{!cancel}” value=”Cancel”/>

You can see the demo image below

20171016_140900 (1).gif


Happy reading and coding 🙂


Use Lightning Component into VF page – Lightning OUT

Have you ever used lightning component into your VF page? Have you ever think why we should create VF page and Lightning Component for the same functionality?

In all of my projects that I am working, I have stopped creating VF pages and Yes, it is 80% true 🙂 but I used to work on VF page for those clients that are still into Salesforce Classic.


I always use my lightning component into my VF page and it is right approach as everyone(Meetups, Dreamforce, Webinars, Salesforce docs) are talking about Lightning and it is future.

In this tutorial, we will create a lightning component, its controller(.jsfile), and an apex class which will display a list of Account into Lightning Component.

We will create a Lightning Application which will extend lightning out js file and a VF page where we will call that Lightning Component.

All resources used in this tutorial are listed below and can be found at my Github Repo.

1 – AccountList.cmp – The component which displays the list of All the accounts

2 – AccountListController.js – JS file the controller of AccountList component to communicate with Apex class and set the data into the component attribute.

3 – AccountController.cls – The apex class to query account records.

4 – – The app which contains the AccountList component

5 – AccountListVF.vfp – The VF page, where we will call the lightning component.

Key points to remember: –

  1. use <apex:includeLightning /> tags at the beginning of VF page This component loads the JavaScript file used by Lightning Components for Visualforce.
  2. Lightning App must extend ltng:outApp library/interface.
  3. We can use $Lightning.use() many times into VF page but that must reference the same lightning app.
  4. We can only call those components that are referenced into the app.

<aura:application access=”Global” extends=”ltng:outApp” >
                      <c:AccountList ></c:AccountList>

Description of above code

access: – determines, if we can use the component throughout the Salesforce org or not acceptable values, are global, public, private

ltng:outApp: – Extending from ltng:outApp adds SLDS resources to the page to allow your Lightning components to be styled with the Salesforce Lightning Design System (SLDS). If you don’t want SLDS resources added to the page, extend from ltng:outAppUnstyled instead. using ltng:outApp we can access our lightning component into VF page or any external site.


<apex:page >
<apex:includeLightning />

        <– div where we will embed our lightning component –>

<div id=”lightning” />
$Lightning.use(“c:LightningOutDemoApp”, function() {
“VFpageValue” : “Woohoooo, Lightning Out is an amazing feature of Salesforce Lightning”
function(cmp) {



$Lightning.use(): – Refer the lightning application that we are using.

$Lightning.createComponent(): – Used to dynamically creating the lightning component.

You will find the complete code into my Github Repo.

Resources: –

Salesforce Document

Salesforce Document Lightning Out

Lightning Icon

Lightning Card

Difference between Render, reRender and renderAs

Most of the Salesforce Developers are confused when to use render, reRender, and reRender. So, here is explanation

Render: – Is used to show/hide the particular block, output panel or input/output fields based on the condition.

Example: – You have 2 fields one is visible and second is hidden, you want the second field to be visible when the first field is filled then use render.

<apex:pageBlockTable value=”{!empList}” var=”emp” rendered=”{!empList.size > 0}”>
                  <apex:column value=”{!emp.Name}”/>

reRerender: – Is used to refresh the particular output panel, block, and or fields after a server request has been completed. It uses Id to reRender.

Example: – You have a VF page where you want to add Contacts related to Account and also wanted to show the recently added Contacts then use reRender to refresh the block which is showing the contact list.

renderAs: – Is used to open the Visualforce Page in different format like- HTML, pdf, and excel

Example: – To show the invoice in PDF format.

for pdf – renderAs =”pdf”

for HTML – renderAs =”html”

for excel – <apex:page controller=”contactquery” contentType=”application/” cache=”true”>

For more info Visit Export data in Excel or PDF format using Visualforce

Difference between Action function, Action Support, and Action Poller

Action Function: –

Action Function is used in the Visualforce page to call the Service Side method using JavaScript and does not add the Ajax Request before calling the Controller method.

<apex:actionFunction name=”myactionfun” action=”{!actionFunctionTest}” reRender=”pgBlock, pbSection” />

Let us talk about above example. In any Javascript Method where the name of ActionFunction ( In our example myactionfun() ) will be invoked, it will call the controller method name actionFunctionTest. Example myactionfun();

Action Support: –

As the name indicates action support is used to provide the support to the input field where we can not get event either manually or external event. It adds the AJAX request to VF page and then Calls the Controller method. For

For example, if we want to call any server side method when input changes then we will go for action support because we can not get any event for this.

<apex:inputText value=”{!dummyString}” >
                      <apex:actionSupport event=”onchange” action=”{!actionSupportTest}”                                     reRender=”pgBlock, pbSection” />

Action Poller: –

A timer that sends an AJAX request to the server according to a time interval that you specify. Each request can result in a full or partial page update.

<apex:actionPoller action=”{!incrementCounter}” reRender=”counter” interval=”15″ enabled = “true” />

Enabled attribute is used to make poller as active or inactive by default value is true. If we provide false then poller will be inactivate.


Click Here for Live Demo.

For Complete Code Click Here.

Any questions come up in comment Section!

Dynamically Add rows in Visualforce Page

In this blog, I will show how to Dynamically Add and Delete Rows in Visual Force Page using Apex.

Problem: – X is a Salesforce Developer at ABC incorporation and X is working on Survey Module. X has developed the module which is working fine. Now, VP of ABC asked to add dynamic questions while sending the Survey User can add Dynamic Questions.

Solution: – X decided to develop a Dynamic Visualforce Page. In the VF page, there was a button “ADD” to add the dynamic questions. Below is sample VF page to dynamic add Accounts into Salesforce.


You can find the Complete code Here

Enjoy Coding 🙂 Happy Coding 🙂

Sort Values in Custom Picklist Visual Force Page – Solved!

Hi, I had get a chance to sort custom multi-picklist in one of my projects, and use of apex controller was restricted. So, I used JavaScript to achieve the same.

Below is the screenshot of the sample output


You can find the full code Here

Hope this will help others 🙂


Contributed  By: –

Avaneesh Singh (Salesforce Developer)