I'm using the custom tag inputfilter.cfm to stop XXS (cross site scripting)..but it doesn't seem to work consistantly..
I have a form set up to take input
and the action page.. I have this:
<cf_inputFilter scopes="form" tags="script,embed,applet,object">
So in my form Input a script tag with an js alert function to pass to the action page
It worked sort of
On my local pc (win xp pro IIS MX 6.1) on the action page I get a _javascript_ alert box..but out putting the passed form fields on the page..shows the the script tag has been stripped..
On my production server (win2003 IIS6 MX6.1)
the same test same pages..no _javascript_ alert box?
WAny idea of why I get the alertbox on my box?
TIA
Mark Holm
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
