I have a form with a number of text and textarea fields. Information
submitted is then written to a SQL Server Database. I want to prevent users
from typing in potentially malicious JavaScript in any of these fields.
One option is to loop through all the submitted form variables before
writing to the database and disable the script declaration by removing the
anchor brackets.
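<!--- form.fieldnames holds the names of the submitted fields; fieldx is the current name --->
<cfloop list="#form.fieldnames#" index="fieldx">
<cfset form[fieldx]=rereplacenocase(form[fieldx],"<","","ALL")>
<cfset form[fieldx]=rereplacenocase(form[fieldx],">","","ALL")>
</cfloop>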
This is fairly tedious and needs to be repeated for a number of forms. Is
there a more efficient way of preventing JavaScript from being submitted /
written to the database in any of the forms across the entire site?
Vishal.
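
One way to apply the check from the post to every form on the site, as an added example that is not part of the original post: ColdFusion runs Application.cfm before each requested page, so the loop is written once there. The names fieldName, display.cfm and the "comments" field are assumptions for illustration, and HTMLEditFormat at output time is a complementary step the post does not mention.

```cfml
<!--- Application.cfm (added example, not code from the original post).
      ColdFusion runs this template before every page in the application,
      so the filter is written once instead of once per form. --->
<cfif StructKeyExists(form, "fieldnames")>
    <!--- form.fieldnames lists the names of the fields that were posted --->
    <cfloop list="#form.fieldnames#" index="fieldName">
        <cfif StructKeyExists(form, fieldName) AND IsSimpleValue(form[fieldName])>
            <!--- Same transformation as in the post: remove < and > --->
            <cfset form[fieldName] = REReplace(form[fieldName], "[<>]", "", "ALL")>
        </cfif>
    </cfloop>
</cfif>

<!--- display.cfm (hypothetical page; "comments" is an assumed field name).
      Encoding at output time makes the browser render a value as text
      rather than markup, which also covers rows stored before the
      filter above was in place. --->
<cfparam name="form.comments" default="">
<cfoutput>
    <p>#HTMLEditFormat(form.comments)#</p>
</cfoutput>
```

The filter only covers the form scope; values that reach a page through the url scope or from the database still depend on the output encoding.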