Use htmlEditFormat(yourFieldName)
Douglas Brown
Email: [EMAIL PROTECTED]

----- Original Message -----
From: "Vishal Narayan" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, July 21, 2001 11:51 PM
Subject: Need to prevent javascript from being submitted in form

> I have a form with a number of text and textarea fields. Information
> submitted is then written to a SQL Server Database. I want to prevent users
> from typing in potentially malicious JavaScript in any of these fields.
>
> One option is to loop through all the submitted form variables before
> writing to the database and disable the script declaration by removing the
> anchor brackets.
>
> <cfloop list="#form.fieldnames#" index="fieldx">
>
> <cfset form[fieldx]=rereplacenocase(form[fieldx],"<","","ALL")>
> <cfset form[fieldx]=rereplacenocase(form[fieldx],">","","ALL")>
>
> </cfloop>
>
> This is fairly tedious and needs to be repeated for a number of forms. Is
> there a more efficient way of preventing JavaScript from being submitted /
> written to database in any of the forms across the entire site?
>
> Vishal.
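An added example, not part of either message above: it puts the bracket-stripping loop from the question next to HTMLEditFormat() applied where the value is written into the page. The field names (title, comment) and the sample text are constructed for illustration.

```cfml
<!--- Added example. Field names and default text are constructed sample input. --->
<cfparam name="form.title"   default='Tom & "Jerry"'>
<cfparam name="form.comment" default='3 < 5 <script>alert(1)</script>'>

<!--- Approach from the question: delete angle brackets from each field. --->
<cfset stripped = StructNew()>
<cfloop list="title,comment" index="field">
  <cfset stripped[field] = ReReplace(form[field], "[<>]", "", "ALL")>
</cfloop>

<cfoutput>
<!--- Approach from the reply: keep the text as typed and encode it at the
      point where it is written into HTML. HTMLEditFormat() converts
      <, >, & and the double quote to character entities. --->
<form method="post">
  <input type="text" name="title" value="#HTMLEditFormat(form.title)#">
  <textarea name="comment" rows="3" cols="40">#HTMLEditFormat(form.comment)#</textarea>
  <input type="submit" value="Save">
</form>

<h3>Displayed with HTMLEditFormat</h3>
<!--- The script tag appears as literal text and "3 < 5" is intact. --->
<p>#HTMLEditFormat(form.title)#: #HTMLEditFormat(form.comment)#</p>

<h3>Displayed after stripping brackets</h3>
<!--- The comparison has lost its operator, and the title still carries a
      raw & and double quote, so it still needs encoding before it can be
      placed inside a value="..." attribute. --->
<p>#HTMLEditFormat(stripped.title)#: #HTMLEditFormat(stripped.comment)#</p>
</cfoutput>
```

HTMLEditFormat() does not encode the single quote, so attribute values that carry user text should be wrapped in double quotes as shown.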

