If I added the following, would this prevent Cross Site Scripting issues:
<cfif urldecode(cgi.QUERY_STRING) contains "<" or
      urldecode(cgi.QUERY_STRING) contains ">" or
      urldecode(cgi.QUERY_STRING) contains "[" or
      urldecode(cgi.QUERY_STRING) contains "]" or
      urldecode(cgi.QUERY_STRING) contains "*" or
      urldecode(cgi.QUERY_STRING) contains "(" or
      urldecode(cgi.QUERY_STRING) contains ")" or
      urldecode(cgi.QUERY_STRING) contains "\" or
      urldecode(cgi.QUERY_STRING) contains "{" or
      urldecode(cgi.QUERY_STRING) contains "}" or
      urldecode(cgi.QUERY_STRING) contains "delete" or
      urldecode(cgi.QUERY_STRING) contains "drop" or
      urldecode(cgi.QUERY_STRING) contains "exe">
    BAD STRING!
    <cfabort>
</cfif>
Thanks,
Jacob
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:303696
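
Added example, not part of the original post and not ColdFusion code: a Python model of the posted check, run over constructed requests. It shows that the substring list rejects legitimate input, never inspects form fields, and does not list quote characters, while encoding at output time handles each value. The function names and sample requests are assumptions made for illustration.

```python
import html
from urllib.parse import unquote_plus, parse_qsl

# Substrings taken from the <cfif> in the post.
BLOCKED = ["<", ">", "[", "]", "*", "(", ")", "\\", "{", "}",
           "delete", "drop", "exe"]

def blacklist_rejects(query_string):
    """Model of the posted check: decode once, then substring match.
    CFML's 'contains' operator is case-insensitive, hence lower()."""
    decoded = unquote_plus(query_string).lower()
    return any(token in decoded for token in BLOCKED)

def encode_for_html(value):
    """Output encoding: neutralise markup characters, including quotes,
    at the point the value is written into the page."""
    return html.escape(value, quote=True)

def handle(query_string, form_fields):
    """Return (rejected, rendered) for one constructed request.
    Only the query string reaches the blacklist; every value that is
    echoed goes through the encoder."""
    rejected = blacklist_rejects(query_string)
    values = dict(parse_qsl(query_string, keep_blank_values=True))
    values.update(form_fields)
    rendered = {k: encode_for_html(v) for k, v in values.items()}
    return rejected, rendered

# Constructed sample requests (not from the post).
SAMPLES = [
    ("name=Alexei", {}),               # legitimate, contains "exe"
    ("q=dropdown+menu", {}),           # legitimate, contains "drop"
    ("phone=%28555%29+0100", {}),      # legitimate, contains "(" and ")"
    ("nick=Tom+%22TJ%22+Jones", {}),   # quotes are not on the list
    ("", {"comment": "<b>hi</b>"}),    # form field, never inspected
]

if __name__ == "__main__":
    for qs, form in SAMPLES:
        print(repr(qs), form, "->", handle(qs, form))
```
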