The AntiSamy project is maybe the best way to sanitize any user input out there.

--
Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+: http://plus.google.com/108193156965451149543

On Thu, Feb 2, 2012 at 8:33 AM, douglas cohn <douglas.c...@gmail.com> wrote:
>
> I recently received a notice that my PCI security scan failed.
>
> On further review it seems we have a PDF that we use to show some of our
> products and the PDF was created from a POWERPOINT Presentation.
>
> It appears there is a single HTM page that caused the alert. The company
> stated the following (see below). What I am looking for is a way to
> control user input within CF. I found an MS page that has a VB script but
> would prefer something in CF.
> http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx
>
> From the Security Company
>
> You will need to make sure all user input is being sanitized of all
> special characters. This may not be bringing up the alert, but because the
> special characters are not sanitized, it leaves open the possibility that a
> malicious attacker could get their scripts to execute.
>
> Thanks so much for any assistance
>
> Doug
>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349738
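
Calling AntiSamy from ColdFusion, as an added example that is not part of the original thread or the AntiSamy project's own code. It assumes the AntiSamy JAR and its dependencies are on the ColdFusion classpath; the policy file path and the `sanitizeHtml` helper name are hypothetical, and the sample input is constructed.

```cfml
<cfscript>
// Added example. Assumes the OWASP AntiSamy JAR and its dependencies are on the
// ColdFusion classpath. The policy path is a hypothetical placeholder.
policyFile = expandPath("/config/antisamy-policy.xml");

/**
 * Runs untrusted HTML through AntiSamy and returns the cleaned markup plus
 * the messages describing what the policy removed or rewrote.
 */
function sanitizeHtml(required string dirty, required string policyPath) {
    var out = { clean = "", errors = [], ok = false };
    try {
        // Policy.getInstance() parses the XML policy (allowed tags, attributes, CSS).
        var policy   = createObject("java", "org.owasp.validator.html.Policy").getInstance(arguments.policyPath);
        var antiSamy = createObject("java", "org.owasp.validator.html.AntiSamy").init();
        var results  = antiSamy.scan(arguments.dirty, policy);

        out.clean  = results.getCleanHTML();
        out.errors = results.getErrorMessages(); // java.util.List of strings
        out.ok     = true;
    } catch (any e) {
        // Fail closed: on a policy or scan error, return no markup rather than the raw input.
        out.errors = [ e.message ];
    }
    return out;
}

// Constructed sample input: rich text carrying an event handler and a script element.
dirty  = '<p onclick="alert(1)">Product <b>specs</b></p><script>alert(1)</script>';
result = sanitizeHtml(dirty, policyFile);

writeOutput("<h3>Cleaned markup</h3>");
writeOutput(result.clean); // emitted as HTML only because it has passed the policy

writeOutput("<h3>Removed by policy</h3><ul>");
for (i = 1; i <= arrayLen(result.errors); i++) {
    // The messages describe the rejected input, so encode them before display.
    writeOutput("<li>" & HTMLEditFormat(result.errors[i]) & "</li>");
}
writeOutput("</ul>");

// A field that should never contain markup is not scanned at all; it is
// encoded at the point of output with ColdFusion's built-in HTMLEditFormat().
searchTerm = "<b>widgets</b>";
writeOutput("<p>Search term: " & HTMLEditFormat(searchTerm) & "</p>");
</cfscript>
```

AntiSamy fits fields where users are allowed to submit some HTML; values that are only ever displayed as text need encoding on output rather than a policy scan.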