You can wrap any user input in xmlformat() to rid yourself of any special
characters.  I would use that around the function that sends the stuff to
your security software.

-----Original Message-----
From: Matt Quackenbush [mailto:quackfu...@gmail.com] 
Sent: Wednesday, February 01, 2012 3:46 PM
To: cf-talk
Subject: Re: Santizing User Input


That VB script just uses a regular expression (already written for you).
All you need to do is use it in conjunction with ColdFusion's built-in
`reFind()` or `reFindNoCase()` functions.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e9a.html
http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e99.html

So, something like so:

// reFind() returns 0 when the string contains anything outside the
// allowed set, so a non-zero result means the input passed the check
if ( NOT reFind( "^[\w\.:\?&=/]*$" , myString ) ) {
    // oops, they failed... handle appropriately
}

HTH


On Wed, Feb 1, 2012 at 3:33 PM, douglas cohn <douglas.c...@gmail.com> wrote:

>
> I recently received a notice that my PCI security scan failed.
>
> On further review it seems we have a PDF that we use to show some of 
> our products and the PDF was created from a POWERPOINT Presentation.
>
> It appears there is a single HTM page that caused the alert.  The 
> company stated the following (see below).  What I am looking for is a 
> way to control user input within CF.  I found an MS page that has a VB 
> script but would prefer something in CF.
> http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx
>
> From the Security Company
>
> You will need to make sure all user input is being sanitized of all 
> special characters. This may not be bringing up the alert, but because 
> the special characters are not sanitized, it leaves open the 
> possibility that a malicious attacker could get their scripts to execute.
>
> Thanks so much for any assistance
>
> Doug
>
> 
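The two suggestions in this thread, an allow-list check with reFind() and output encoding with xmlFormat(), combined into one CF9-style cfscript page. This is an added example, not code from either reply; the function names and the sample strings are my own.

```cfml
<cfscript>
// Added example (not from the thread). Allow-list validation using the
// regex suggested above, plus xmlFormat() on output as a second layer.

// Returns true only when every character in the string is in the allow-list.
// reFind() returns 0 on no match, so a non-zero result means the input PASSED.
// Caveats a practitioner should know: "*" also accepts the empty string (use
// "+" for required fields), and spaces are not in the set, so tune the class
// per field rather than applying one pattern to every input.
function isSafeInput(myString) {
    return reFind("^[\w\.:\?&=/]*$", myString) GT 0;
}

// Encodes a string for inclusion in an HTML/XML body: &, <, >, " and ' are
// escaped, so a value that slipped past validation cannot close a tag or
// start a script block.
function encodeForOutput(myString) {
    return xmlFormat(myString);
}

// Constructed sample inputs (not from the thread)
samples = [
    "page=2&sort=name",               // accepted: letters, digits, =, &
    "http://example.com/doc?id=5",    // accepted: :, /, ., ? are allowed
    "<script>alert(1)</script>",      // rejected: < and > are not allowed
    "hello world"                     // rejected: space is not allowed
];

for (i = 1; i LTE arrayLen(samples); i++) {
    s = samples[i];
    if (isSafeInput(s)) {
        writeOutput("accepted: " & encodeForOutput(s) & "<br>");
    } else {
        // Log or reject; the encoded echo below is safe even for the rejected value
        writeOutput("rejected: " & encodeForOutput(s) & "<br>");
    }
}
</cfscript>
```

Run validation on input and encoding on output independently; the encoding step is what protects the page if a field's allow-list is later loosened.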



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349737