I recently received a notice that my PCI security scan failed.

On further review it seems we have a PDF that we use to show some of our 
products and the PDF was created from a PowerPoint presentation. 

It appears there is a single HTM page that caused the alert.  The company 
stated the following (see below).  What I am looking for is a way to control 
user input within CF.  I found an MS page that has a VB script but would prefer 
something in CF.
http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx

From the Security Company

You will need to make sure all user input is being sanitized of all special 
characters. This may not be bringing up the alert, but because the special 
characters are not sanitized, it leaves open the possibility that a malicious 
attacker could get their scripts to execute. 

Thanks so much for any assistance

Doug

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349726