> I'm sorry if this seems like a very elementary problem, but it's the
> first time I've had to deal with last century measurements - we
> converted to metric several decades ago.
Doood... this really has nothing to do with measurements and everything to
do with escaping text based on its output medium. You should be wrapping
ALL output variables in HTMLEditFormat when outputting something in HTML
that can contain arbitrary characters. This is the kind of stuff XSS is
made of. Imagine a well-placed value that went something like this:
"> <script>alert('I have complete control of this webpage');</script>
~Brad
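
An added example, not part of Brad's post and not ColdFusion code: a Python sketch that renders the value from the post into an input's value attribute with and without escaping, then parses the result to show which elements the markup actually contains. `html_edit_format` is a stand-in assumed to escape `&`, `<`, `>` and `"` as HTMLEditFormat does; the field name `height` and the helper names are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample input: the value quoted in the post, as a form field might supply it.
HOSTILE = "\"> <script>alert('I have complete control of this webpage');</script>"


def html_edit_format(text):
    """Stand-in for ColdFusion's HTMLEditFormat (assumption: escapes & < > ")."""
    # '&' must be replaced first so the entities added below are not re-escaped.
    for raw, entity in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ('"', "&quot;")):
        text = text.replace(raw, entity)
    return text


def render_field(value, escape):
    """Emit the markup a template would produce for a text input (hypothetical field)."""
    shown = html_edit_format(value) if escape else value
    return '<input type="text" name="height" value="%s">' % shown


class Audit(HTMLParser):
    """Record every start tag seen and the value attribute recovered from the input."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.field_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.field_value = dict(attrs).get("value")


def audit(markup):
    """Return (list of start tags, value of the input field) for the given markup."""
    parser = Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.field_value


if __name__ == "__main__":
    for escape in (False, True):
        tags, value = audit(render_field(HOSTILE, escape))
        print("escaped=%s tags=%s value=%r" % (escape, tags, value))
```

Unescaped, the parser sees an empty value attribute followed by a separate script element; escaped, it sees one input whose value round-trips to the original string.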
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313783