You can use RegEx to remove any HTML or JS in your input field, for instance. There are a couple of custom tags that are intended to reduce or eliminate that sort of thing. For instance, CF_FormFilter does exactly this:
http://devex.macromedia.com/developer/gallery/info.cfm?ID=0FFF0D11-BF26-11D5-83F700508B94F85A&method=Full

hth,
larry

--
Larry C. Lyons
ColdFusion/Web Developer
Certified Advanced ColdFusion 5 Developer
EBStor.com
8870 Rixlew Lane, Suite 204
Manassas, Virginia 20109-3795
tel: (703) 393-7930
fax: (703) 393-2659
Web: http://www.ebstor.com
email: [EMAIL PROTECTED]

Chaos, panic, and disorder - my work here is done.
--

> -----Original Message-----
> From: Cantrell, Adam [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 27, 2002 11:02 AM
> To: CF-Community
> Subject: securing forms/user input
>
> In a past life I've done this before, but I was hoping somebody could give
> me a refresher. How are you guys generally dealing with people entering
> things like:
>
> <IMG SRC="javascript:alert('unsecure')">
>
> into text inputs on your websites? Do you just use
> #htmlEditFormat(form.myField)# on the action page? Does anyone have an
> online resource, or possibly a custom tag that deals with issues such as
> these? Going live with a few sites next week and want to make sure I have
> all my bases covered with the $cr1p7 k1dd13 H4X0RZ!!!!
>
> $$Gr33tz$$
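Added example, not part of the original thread: a side-by-side of the two approaches mentioned above, stripping markup with a regex versus encoding on output as #htmlEditFormat()# does. It is written in Python, with html.escape standing in for HTMLEditFormat; the tag-stripping pattern is an assumption and is not CF_FormFilter's actual code, and the second and third sample inputs are constructed.

```python
import html
import re

# Simple tag-stripping pattern of the kind a form filter might use.
# Assumption for illustration; NOT the pattern CF_FormFilter uses.
TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(value: str) -> str:
    """Input filtering: delete anything that looks like a tag."""
    return TAG_RE.sub("", value)


def encode_for_html(value: str) -> str:
    """Output encoding: escape & < > and both quote characters, so the
    browser displays the text instead of parsing it as markup."""
    return html.escape(value, quote=True)


SAMPLES = [
    "<IMG SRC=\"javascript:alert('unsecure')\">",  # payload quoted in the thread
    "Use x < 10 and y > 2 for the range",          # constructed: ordinary text
    "AT&T <support@example.com>",                  # constructed: ordinary text
]


def compare(samples):
    """Return, per input, what each approach produces and whether the
    encoded form is lossless (reversible) and free of raw angle brackets."""
    rows = []
    for raw in samples:
        encoded = encode_for_html(raw)
        rows.append({
            "raw": raw,
            "stripped": strip_tags(raw),
            "encoded": encoded,
            "lossless": html.unescape(encoded) == raw,
            "inert": "<" not in encoded and ">" not in encoded,
        })
    return rows


if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(f"raw:      {row['raw']}")
        print(f"stripped: {row['stripped']!r}")
        print(f"encoded:  {row['encoded']}")
        print(f"lossless={row['lossless']} inert={row['inert']}\n")
```

Both approaches neutralise the IMG payload, but the regex also deletes ordinary text that happens to contain `<` and `>`, while encoding keeps what the user typed. Encoding of this kind covers text written into element content or quoted attribute values.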
