That VB script just uses a regular expression (already written for you).
All you need to do is use it in conjunction with ColdFusion's built-in
`reFind()` or `reFindNoCase()` functions.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e9a.html
http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e99.html

So, something like so:

if ( ! reFind( "^[\w\.:\?&=/]*$" , myString ) )
{
    // reFind() returned 0: myString contains a character outside the allowed set
    // oops, they failed... handle appropriately
}

HTH


On Wed, Feb 1, 2012 at 3:33 PM, douglas cohn <[email protected]> wrote:

>
> I recently received a notice that my PCI security scan failed.
>
> On further review it seems we have a PDF that we use to show some of our
> products and the PDF was created from a POWERPOINT Presentation.
>
> It appears there is a single HTM page that caused the alert.  The company
> stated the following (see below).  What I am looking for is a way to
> control user input within CF.  I found an MS page that has a VB script but
> would prefer something in CF.
> http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx
>
> From the Security Company
>
> You will need to make sure all user input is being sanitized of all
> special characters. This may not be bringing up the alert, but because the
> special characters are not sanitized, it leaves open the possibility that a
> malicious attacker could get their scripts to execute.
>
> Thanks so much for any assistance
>
> Doug
>
> 
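
The allowlist check suggested in the reply, applied to every field of a scope, as an added example that is not part of the original thread. The function names `isAllowedInput` and `rejectedFields` and the sample struct are hypothetical and constructed for illustration.

```cfml
<cfscript>
// Allowlist pattern from the reply above: word characters plus . : ? & = /
ALLOWED = "^[\w\.:\?&=/]*$";

// Hypothetical helper: true when value holds only allowlisted characters.
function isAllowedInput(required string value) {
    // Accept empty input explicitly instead of relying on how reFind()
    // reports a zero-length match.
    if (!len(arguments.value)) return true;
    return reFind(ALLOWED, arguments.value) GT 0;
}

// Hypothetical helper: names of the fields in a scope that fail the check.
function rejectedFields(required struct scope) {
    var bad = [];
    var key = "";
    for (key in arguments.scope) {
        // ColdFusion adds form.fieldnames itself (a comma-separated list).
        if (key EQ "FIELDNAMES") continue;
        // Complex values (arrays, structs) are rejected outright.
        if (!isSimpleValue(arguments.scope[key])
            OR !isAllowedInput(arguments.scope[key])) {
            arrayAppend(bad, key);
        }
    }
    return bad;
}

// Constructed sample standing in for the URL or FORM scope.
sample = { page = "products/list?id=42", q = "<b>x</b>", lang = "en" };
failed = rejectedFields(sample);

if (arrayLen(failed)) {
    // Reject the request; HTML-encode anything echoed back to the browser.
    writeOutput("Rejected fields: " & htmlEditFormat(arrayToList(failed)));
}
</cfscript>
```

In a real page, pass `url` or `form` to `rejectedFields()` before any of the values are used or written to output.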

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349727