FYI, I've got a cfajax version of cfQuickDocs, as well as an ajaxCFC
version. I was able to pass this string in cfajax: #lcase('HA')# and it
worked. But this did NOT work in ajaxCFC.
> -----Original Message-----
> From: Rick Root
> Sent: Thursday, February 16, 2006 7:54 AM
>
> Robertson-Ravo, Neil (RX) wrote:
> > What is the security risk? Many hands make light work...
>
> Basically, in CFAJAX 1.3, if you pass a string argument to a
> function,
> and your string argument contains # escaped CFML code, the
> CFML executes
> on the server.
>
> in my example, if you typed #Now()# into the chat room,
> cfajax actually
> would process that and THEN pass the results to whatever
> function you're
> calling on the server.
>
> We're discussing it on the ajax list right now =)
>
> But the chat room is back online.
>
> http://www.opensourcecf.com/chat
[INFO] -- Access Manager:
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in
error, please immediately contact the sender and destroy the material in its
entirety, whether in electronic or hard copy format. Thank you. A2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:232444
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
