Isn't that the whole point of a CMS? It should negate the need for users to "code"
"This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions." Visit our website at http://www.reedexpo.com -----Original Message----- From: Mary Jo Sminkey To: CF-Talk Sent: Tue Mar 06 21:56:07 2007 Subject: Re: XSS - Cross Site Scripting >Surely there can be no real justification for them to do JS which you do not >provide as a developer? In a CMS there certainly may be. I've run into similar issues with CFWebstore where customers often want to input some kind of custom script in some pages (Bizrate popup during checkout for instance). The pseudo-tag method works fine in these cases though as a way to get around the scriptprotect limitations. It certainly would be nice if you could override the settings on a page-by-page basis though. I'd love to hear some more ideas on what people are doing other than relying on ScriptProtect. Not all of my users are even on CF7, even if it did do the trick. --- Mary Jo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Deploy Web Applications Quickly across the enterprise with ColdFusion MX7 & Flex 2. Free Trial http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271799 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
