I wouldn't be worried about CFML (tags) inside a form element, unless you
are writing the content to a file, and then executing the file (bad idea).
And I wouldn't be worried about CFML functions in the code unless you will
be calling Evaluate on the data.

What I would be worried about is people passing SQL into your fields.
Someone on this list put together a web page about that a couple of months ago;
check the archives, or hopefully someone could repost the URL.

+++++++++++++++++++++++++++++++++++++++++
Pete Freitag ([EMAIL PROTECTED])
CFDEV.COM
ColdFusion Developer Resources
http://www.cfdev.com/


-----Original Message-----
From: Michael T. Tangorre [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 28, 2001 5:13 PM
To: CF-Talk
Subject: Security with forms


Hey everyone,
are there any good tags out there that will check and make sure or strip
out any CF code that might be inserted into a form element...

Thanks,
Mike


