Todd,
Nice question - I'm interested in a tag / functions / pain-in-the-but-
work-around that would remove just the CFML tags. Previous to your post, I
failed to realize that if I allow people to submit HTML tags along with
their text, they could also submit CFML tags, creating a major security
hazard. :-(
Any ideas, great and wonderful CF gurus?
- Jay
----- Original Message -----
From: "Todd Ashworth" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 09, 2000 10:07 AM
Subject: CFML be gone!
> I have some forms where people can dump text into a dtabase that is then
> displayed on another page. I do wish to allow HTML to be submitted, for
> formatting if they desire, but I DO NOT want them to be able to submit
CFML,
> since I have CFFILE and CFDIRECTORY enabled .. and so-on.
>
> I have found several tags that remove HTML or HTML and CFML .. Is there a
> tag that only removes CFML?
>
> Would there be any reason not to allow them to submit HTML as well? If
so,
> is there a way to limit the HTML to only the basic formatting tags (font,
p,
> br, etc.)?
>
> .Todd
>
>
> --------------------------------------------------------------------------
----
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
>
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
