This fix is needed if Global Script Protection is not enabled. I wonder if it's a vulnerability if Global Script Protection is ON and a specific application disables the script protection using the scriptProtect parameter of the cfapplication tag.
Anybody know? Patch for XSS when Global Script Protection is not enabled http://www.adobe.com/support/security/bulletins/apsb07-03.html cfapplication info: http://download.macromedia.com/pub/documentation/en/coldfusion/mx7/cfmx7_cfml_ref.pdf ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:280376 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
