How can ColdFusion be used to filter metacharacters to reduce XSS (Cross Site Scripting) attacks?

I.e. converting < > to < and > ( to ( ) to ) # to #(#) & to &(&)

Has anybody on the list implemented this in their ColdFusion apps to protect against XSS?

And am I correct in saying that using CFQUERYPARAM protects your site from users inserting SQL metacharacters and commands into web-based input fields in order to manipulate the execution of back-end SQL queries (SQL Injection)?
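An added example, not part of the original post: a single-pass output encoder for the six metacharacters the question lists. The helper name `encodeMetachars` is hypothetical, and the replacement targets (`&lt;`, `&gt;`, `&#40;`, `&#41;`, `&#35;`, `&amp;`) are the standard HTML character references, assumed here because the post's own mapping did not survive extraction.

```cfml
<!--- Added example; encodeMetachars is a hypothetical helper name, not a built-in. --->
<cffunction name="encodeMetachars" returntype="string" output="false">
    <cfargument name="input" type="string" required="true">
    <cfset var out = "">
    <cfset var i = 0>
    <cfset var ch = "">
    <!--- One pass over the input: every source character is encoded exactly once,
          so the "&" and "#" that belong to an emitted entity are never re-encoded.
          Chained Replace() calls would turn "&lt;" into "&amp;lt;" or break "&#40;". --->
    <!--- Character codes: 60 = <, 62 = >, 40 = (, 41 = ), 35 = #, 38 = & --->
    <cfloop index="i" from="1" to="#Len(arguments.input)#">
        <cfset ch = Mid(arguments.input, i, 1)>
        <cfswitch expression="#Asc(ch)#">
            <cfcase value="60"><cfset out = out & "&lt;"></cfcase>
            <cfcase value="62"><cfset out = out & "&gt;"></cfcase>
            <cfcase value="40"><cfset out = out & "&##40;"></cfcase>
            <cfcase value="41"><cfset out = out & "&##41;"></cfcase>
            <cfcase value="35"><cfset out = out & "&##35;"></cfcase>
            <cfcase value="38"><cfset out = out & "&amp;"></cfcase>
            <cfdefaultcase><cfset out = out & ch></cfdefaultcase>
        </cfswitch>
    </cfloop>
    <cfreturn out>
</cffunction>

<!--- Constructed sample input, standing in for a form or URL field.
      "##" inside a CFML string is a literal "#". --->
<cfset sample = "<script>alert(1)</script> ## R&D">

<!--- Encode at the point of output, not when the value is stored. --->
<cfoutput>#encodeMetachars(sample)#</cfoutput>
```

The built-in `HTMLEditFormat()` already encodes `<`, `>`, `&` and double quotes, but leaves parentheses and `#` unchanged, which is the gap this helper fills.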

