No, it's one more reason why developers should do what we can, in our development processes, to protect our applications (cfqueryparam, server-side variable validation, etc).
Noscript add on? Can you view, or do, anything on the web? ;) Steve "Cutter" Blades Adobe Certified Professional Advanced Macromedia ColdFusion MX 7 Developer Co-Author of "Learning Ext JS" http://www.packtpub.com/learning-ext-js/book _____________________________ http://blog.cutterscrossing.com Andrew Grosset wrote: another reason why I browse with firefox with the noscript add on..... Apparently, IE8 has "protection" that rewrites pages to protect from XSS attacks and there seems to be an issue with it that can actually introduce XSS attacks. http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:328655 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
