Just use htmlEditFormat. That should catch most everything.

===========================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc (www.mindseye.com)
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)

Email    : [EMAIL PROTECTED]
Blog     : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: Brook Davies [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 11, 2003 12:34 PM
> To: CF-Talk
> Subject: OT: Cross site scripting
>
> Hello,
>
> I am trying to figure out what user input I need to clean and strip
> things like
> "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,META"
> from. My site allows users to create their own webpages, so should I care
> if they can put scripts or applets on THEIR OWN page?
>
> Should I only be concerned about user input that displays via a common area
> (like a message board), that could then be used to redirect users to 3rd
> party site or so forth. Or should I be concerned even about my users' own
> pages that they publish?
>
> Brook
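
The two approaches in this thread, side by side, as an added example that is not part of the original messages: stripping the tag list from the question versus encoding on output with HTMLEditFormat as the reply suggests. The variable names and the sample post are constructed for illustration.

```cfml
<!--- Added example, not code from the thread. Names and sample data are constructed. --->

<!--- Tag list quoted in the question. --->
<cfset blockedTags = "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,META">

<!--- Constructed message-board post: one tag that is on the list (script)
      and one that is not (a link to a third-party site). --->
<cfset post = 'Hi <script>document.title="x"</script> see <a href="http://example.com/">this site</a> & reply'>

<!--- Approach from the question: remove opening and closing tags named in the list. --->
<cfset pattern = "</?(" & Replace(blockedTags, ",", "|", "all") & ")[^>]*>">
<cfset stripped = REReplaceNoCase(post, pattern, "", "all")>

<!--- Approach from the reply: encode at output time. HTMLEditFormat turns
      <, >, & and double quotes into character entities. --->
<cfset encoded = HTMLEditFormat(post)>

<cfoutput>
<h3>List-based stripping</h3>
<!--- The script tags are gone, but the <a> element is not on the list,
      so it reaches the browser as live markup pointing off-site. --->
<div>#stripped#</div>

<h3>HTMLEditFormat</h3>
<!--- Nothing in the post is interpreted as markup; the reader sees the
      literal text the user typed, angle brackets included. --->
<div>#encoded#</div>
</cfoutput>
```

The stripped version depends on the list being complete, while the encoded version treats every character of user input as text regardless of which tag or attribute it contains.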

