I tend to use Ray's StripHTML...
http://www.cflib.org/udf.cfm?ID=12
And then something like...
<CFLOOP COLLECTION="#FORM#" ITEM="itmField">
<CFSET "FORM.#itmField#" = StripHTML(FORM[itmField])>
</CFLOOP>
On the action page...
The only thing you need to watch out for is that if you are uploading
files, these should not be in the loop, so <CFIF> them out...
HTH
-----Original Message-----
From: Cantrell, Adam [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 16:02
To: CF-Community
Subject: securing forms/user input
In a past life I've done this before, but I was hoping somebody could
give me a refresher. How are you guys generally dealing with people
entering things like:
<IMG SRC="javascript:alert('unsecure')">
into text inputs on your websites? Do you just use
#htmlEditFormat(form.myField)# on the action page? Does anyone have an
online resource, or possibly a custom tag that deals with issues such as
these? Going live with a few sites next week and want to make sure I
have all my bases covered with the $cr1p7 k1dd13 H4X0RZ!!!!
$$Gr33tz$$
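
The approach from the reply above (strip tags from each form field, skipping file-upload fields) combined with the `HTMLEditFormat()` output encoding the original question mentions, as an added example that is not part of the original thread. The field names `comment` and `attachment` and the helper `stripTagsStandIn` (a simplified stand-in for the cflib UDF) are assumptions.

```cfml
<!--- Added example, not from the thread. Field names "comment" and
      "attachment" and the helper stripTagsStandIn are hypothetical. --->
<cfscript>
// Simplified stand-in for the cflib StripHTML UDF (assumption: removes
// anything that looks like a complete tag; not the UDF's actual code).
function stripTagsStandIn(str) {
    return REReplaceNoCase(str, "<[^>]*>", "", "ALL");
}
// Constructed sample input so the page can be run without a form post.
if (NOT StructKeyExists(FORM, "comment")) {
    FORM.comment = "<IMG SRC=""javascript:alert('unsecure')"">Nice ""site"" & thanks";
}
</cfscript>

<!--- Input side: strip tags from every text field, but leave the file
      upload field (and CF's own FIELDNAMES list) untouched. --->
<cfset skipFields = "FIELDNAMES,attachment">
<cfloop collection="#FORM#" item="itmField">
    <cfif NOT ListFindNoCase(skipFields, itmField)>
        <cfset FORM[itmField] = stripTagsStandIn(FORM[itmField])>
    </cfif>
</cfloop>

<!--- Output side: encode whatever is left, so any remaining markup
      characters are displayed as text instead of being parsed. --->
<cfoutput>
<p>Stored value: #HTMLEditFormat(FORM.comment)#</p>
</cfoutput>
```

Stripping on input and encoding on output cover different cases: the stripper removes complete tags, while `HTMLEditFormat()` handles characters such as quotes and ampersands that survive stripping.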