If you take a look at the article below on MSDN, you will see that they
suggest using regex, and using HTML encode all input when it is used as
output to prevent cross site scripting, buffer overflows etc.
http://msdn.microsoft.com/security/understanding/overview/default.aspx?pull=/msdnmag/issues/02/09/securitytips/default.aspx
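As an added illustration of the two measures mentioned above (allow-list validation of the parameter, HTML encoding at the point of output), not code from the original thread; it assumes a ColdFusion page that receives the `name` URL parameter from the question and uses the CFMX-era `HTMLEditFormat` function:

```cfml
<!--- Added example (not from the thread): handle ?name=... on a CF page --->

<!--- 1. Give the parameter a default so the page never depends on it being present --->
<cfparam name="url.name" default="" type="string">

<!--- 2. Allow-list validation: letters, spaces, hyphens and apostrophes, 1 to 50 chars.
      Anything else, including <script>alert('hi!');</script>, is rejected here.
      REFind returns 0 when the pattern does not match. --->
<cfset nameIsValid = (Len(url.name) GT 0)
                     AND (Len(url.name) LTE 50)
                     AND (REFind("^[A-Za-z' -]+$", url.name) GT 0)>

<cfif NOT nameIsValid>
    <!--- Fixed response; the rejected value is never echoed back to the browser --->
    <cfoutput><p>Sorry, that name contains characters we do not accept.</p></cfoutput>
    <cfabort>
</cfif>

<!--- 3. Encode at the point of output even though the value passed validation.
      HTMLEditFormat turns < > & " into &lt; &gt; &amp; &quot;, so the browser
      renders the text rather than interpreting it as markup. Note it does not
      encode single quotes, so only use it for HTML text and double-quoted
      attributes, never for values placed inside JavaScript. --->
<cfoutput>
    <p>Hello, #HTMLEditFormat(url.name)#!</p>
</cfoutput>
```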
________________________________
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: 13 May 2004 10:42
To: CF-Talk
Subject: Re: Securing CF Apps against SQL Injection & Cross Site Scripting
Ian Vaughan wrote:
> How could I prevent
>
> ?name=<script>alert('hi!');</script>
>
> this type of input being added to the URL in Coldfusion ??
You can never prevent a visitor from adding things to a URL, you
can only design your application to respond properly to what has
been added to a URL. That means you first have to define what a
proper response would be and after that we might be able to help
you code for it.
Jochem
--
I don't get it
immigrants don't work
and steal our jobs
- Loesje
________________________________