Why store junk? If you're going to store data, shouldn't it be escaped/purified before you store it? Then you're escaping it once as opposed to escaping it 1000's of times every time you display/output it?
>> So what do you recommend instead? The built in xxs protection
>> doesn't catch everything.
>
>I recommend that you consider accepting and storing "unsafe" strings, and
>escape them appropriately when displaying them.
>
>Dave Watts, CTO, Fig Leaf Software
>http://www.figleaf.com/
>
>Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
>http://training.figleaf.com/
>
>WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
>http://www.webmaniacsconference.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:303792
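
The trade-off discussed in this thread, as an added example that is not part of the original messages: Python stands in for ColdFusion here, and the sample value and all function names are constructed for illustration. It encodes one raw stored value separately for each output context, then shows what the same contexts receive when the value was HTML-encoded before storage.

```python
import html
import json
from urllib.parse import quote

# Constructed sample value: legitimate input containing characters that are
# special in HTML (& < > '), in JavaScript strings (\) and in URLs (& space).
RAW = r"Smith & Sons <C:\new\docs> 'main'"

def html_encode(s):
    """HTML element content / quoted attribute context."""
    return html.escape(s, quote=True)

def js_encode(s):
    """JavaScript string literal context (inside a <script> block)."""
    # json.dumps handles quotes, backslashes and control characters;
    # "<" is also escaped so the literal cannot contain "</script>".
    return json.dumps(s).replace("<", "\\u003c")

def url_encode(s):
    """Query-string parameter value context."""
    return quote(s, safe="")

def render(value):
    """Store raw, encode once per output context at display time."""
    return {
        "html": html_encode(value),
        "js": js_encode(value),
        "url": url_encode(value),
        "text": value,  # plain-text e-mail, CSV export, search index
    }

def render_prestored(stored):
    """The same contexts when the stored value was HTML-encoded on input."""
    return {
        "html": stored,                           # fine only if nothing escapes again
        "html_autoescaped": html_encode(stored),  # a second escape double-encodes
        "js": '"' + stored + '"',                 # backslashes untouched: \n becomes a newline
        "url": url_encode(stored),                # HTML entities leak into the link
        "text": stored,                           # HTML entities leak into e-mail / CSV
    }

if __name__ == "__main__":
    for label, out in (("escape on output", render(RAW)),
                       ("escape on input", render_prestored(html_encode(RAW)))):
        print(label)
        for ctx, val in out.items():
            print(f"  {ctx:17} {val}")
```
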

