I'm using CFMX 6.1. :o)

Robertson-Ravo, Neil (RX) wrote:
> Doesn't CF7 provide out of the box features to stop this from happening?
>
> -----Original Message-----
> From: Rey Bango
> To: CF-Talk
> Sent: Fri Dec 22 04:21:51 2006
> Subject: SQL Injection Script
>
> Hi guys,
>
> I'm working on a script to prevent SQL injection code & XSS. The URL
> that I'm passing looks like this:
>
> /productdisplay.cfm?c1=%27%22%29%3Cscript+id%3D%2280000000%22+%2F%3E
>
> and the value of the query param translates to:
>
> '")<script id="80000000" />
>
> But when I go to use it in the code, I'm getting this:
>
> URL Parameters:
> C1='")
>
> I've tried all different types of variations to ensure that the passed
> data is preserved but it's being truncated somehow.
>
> Any help would be appreciated. This is a tag that I'd like to develop
> and place it out for the community. It's based on the safetext() cf
> function from cflib by Nathan Dintenfass, Lena Aleksandrova and Javier
> Julio.
>
> I'm just trying to build a wrapper around it.
>
> Rey...
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:264898

