There was also a good discussion some time back about disallowing SQL
syntax as well..... Someone on the list did quite a bit of research on some
vulnerabilities, and made some tags that helped deal with that.

I wish I had kept that thread.. kind sir ... are you still out there???

Thx,

Steve


----- Original Message -----
From: "Todd Ashworth" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 09, 2000 7:07 AM
Subject: CFML be gone!


> I have some forms where people can dump text into a database that is then
> displayed on another page.  I do wish to allow HTML to be submitted, for
> formatting if they desire, but I DO NOT want them to be able to submit CFML,
> since I have CFFILE and CFDIRECTORY enabled .. and so-on.
>
> I have found several tags that remove HTML or HTML and CFML .. Is there a
> tag that only removes CFML?
>
> Would there be any reason not to allow them to submit HTML as well?  If so,
> is there a way to limit the HTML to only the basic formatting tags (font, p,
> br, etc.)?
>
> .Todd
>
>
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
>

