Basically what it is doing is looping over all the form fields that have been submitted to a page and then reassigning the Form field with its value minus all the html tags that may have been submitted...
So if someone were to post a Textarea called Foo with the value <b>Hi</b> then after this code is run the form field Form.Foo will now equal Hi and not <b>Hi</b>

HTH

-----Original Message-----
From: Rafael (Alan Bleiweiss) [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 22, 2002 19:33
To: CF-Talk
Subject: RE: Preventing XSS

At 05:38 PM 09/22/2002 +0100, you wrote:
><CFLOOP COLLECTION="#FORM#" ITEM="itmField">
>  <CFSET "FORM.#itmField#" = StripHTML(FORM[itmField])>
></CFLOOP>

In the above loop, the collection referred to is "#FORM#" - which is a variable named FORM - and that's got me lost - does it imply that the form can have a variable name assigned to it?
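The loop discussed in this thread, written out as an added example that is not part of the original messages. stripTagsExample is a hypothetical stand-in for the StripHTML UDF (whose source is not shown in the thread), and the two FORM values are constructed sample input.

```cfml
<!--- Added example, not code from the thread.
      stripTagsExample is a hypothetical stand-in for the StripHTML UDF. --->
<cffunction name="stripTagsExample" returntype="string" output="false">
    <cfargument name="str" type="string" required="true">
    <!--- Remove every run that starts at "<" and ends at the next ">".
          Text between a literal "<" and ">" is treated as a tag too. --->
    <cfreturn REReplace(arguments.str, "<[^>]*>", "", "ALL")>
</cffunction>

<!--- Constructed sample input standing in for a real POST --->
<cfset FORM.Foo = "<b>Hi</b>">
<cfset FORM.Bar = "2 < 3 and 5 > 4">

<!--- FORM is the built-in structure that holds the submitted fields, so it
      can be handed to COLLECTION like any other structure. itmField
      receives each key (field name) in turn. --->
<cfloop collection="#FORM#" item="itmField">
    <!--- Only rewrite plain string values --->
    <cfif IsSimpleValue(FORM[itmField])>
        <cfset FORM[itmField] = stripTagsExample(FORM[itmField])>
    </cfif>
</cfloop>

<cfoutput>
    <!--- Encode at output as well, so any markup that survives the strip
          is rendered as text rather than interpreted by the browser. --->
    Foo: #HTMLEditFormat(FORM.Foo)#<br>
    Bar: #HTMLEditFormat(FORM.Bar)#
</cfoutput>
```

The Bar field shows the cost of a pattern-based strip: ordinary text that happens to contain both "<" and ">" loses everything between them, which is one reason to pair input stripping with encoding at output.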

