Hi cftalk: We are running CF8.
I am seeing a strange application error "ScriptProtect error replacing insecure tag in scope CGI. The error occurred on line -1.". Strangely, there are very few google references to this error, and absolutely no explanations / solutions that I can find. We use ScriptProtect = "ALL", and most of the time URL/FORM substitution works fine. It converts "<script" to "<INVALIDTAG" as expected, etc. However, we get this ScriptProtect error if we pass in the URL: http://www.SERVER.com/search.cfm?querystring=javascript:alert%28412898284482%29 Clearly this has nothing to do with the CGI scope, so I'm a little confused at why an error is being thrown. Our neo-security.xml file contains this bit, which deals with javascript: <var name="javascript:"> <string>java-script:</string> </var> Thanks for any help! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:334810 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm