When you display user-entered data onto the screen that should not be parsed, use the function HTMLEditFormat().
> -----Original Message-----
> From: Rafael (Alan Bleiweiss) [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, September 22, 2002 10:07 AM
> To: CF-Talk
> Subject: Preventing XSS
>
> I'm working to lock down our web solutions across all client sites, and
> it's been pretty intense implementing individual form-field level code to
> filter out metacharacters <(# etc... Is there a CF tag out there that
> allows this conversion to be automatically applied to an entire form's
> fields regardless of how many fields, what the field names are, or even if
> some fields are null?
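An added example, not part of the original thread: one way to apply HTMLEditFormat() to every submitted field at output time, whatever the fields are called and whether or not they are empty. The field names and values are constructed sample input, and the variable names `field` and `raw` are illustrative.

```cfml
<!--- Constructed sample input. On a real action page the FORM scope
      is filled in by the POST and these cfset lines are not needed. --->
<cfset form.fieldnames = "name,comment,phone">
<cfset form.name = "Alan">
<cfset form.comment = '<i>hello</i> & "goodbye"'>
<cfset form.phone = "">

<table>
<cfoutput>
<!--- form.fieldnames lists every submitted field, so nothing here
      depends on how many fields there are or what they are named. --->
<cfloop list="#form.fieldnames#" index="field">
  <!--- Treat a missing field the same as an empty one. --->
  <cfif StructKeyExists(form, field)>
    <cfset raw = form[field]>
  <cfelse>
    <cfset raw = "">
  </cfif>
  <tr>
    <!--- The field name is client-supplied as well, so it is encoded too. --->
    <td>#HTMLEditFormat(field)#</td>
    <!--- Element content: the markup characters are shown, not parsed. --->
    <td>#HTMLEditFormat(raw)#</td>
    <!--- HTMLEditFormat() escapes <, >, & and the double quote, so the
          attribute value must be wrapped in double quotes to stay contained. --->
    <td><input type="text" name="#HTMLEditFormat(field)#" value="#HTMLEditFormat(raw)#"></td>
  </tr>
</cfloop>
</cfoutput>
</table>
```

Encoding where the value is written to the page leaves the stored data unchanged, so the same value can still be used unmodified in non-HTML contexts.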

