I wrote a simple routine that would loop through all the form elements, strip out HTML, and change single quotes to chr(97). It'd be easy enough to do something similar for cfcode - just check for the <CF or specific CF functions. A simple search/replace, or regular expression can handle this.
If you need it, I can dig out my routine, but it's simple enough that it can be recreated from scratch in about 30 minutes.

Shawn Grover

-----Original Message-----
From: Tangorre, Michael T. [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 18, 2001 3:38 PM
To: CF-Talk
Subject: Forms and CF Code

Hi Everyone.

What steps can be taken to prevent users from submitting cfcode via a form? Are there any tags out there that will protect? Any ideas or suggestions would be much appreciated.

Michael T. Tangorre
============================
Resident Assistant - Brick
Web Applications Developer
A.U. Webteam Slave :-)
AIM: CrazyFlash4
============================
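The check for `<CF` described in the reply above could look like the following. This is an added example, not the poster's routine or code from the list; the function name `neutralizeCfMarkup` and the sample struct are hypothetical, and it assumes a CFML engine that supports `cffunction`.

```cfml
<!--- Added example. neutralizeCfMarkup is a hypothetical name, not the poster's routine. --->
<cffunction name="neutralizeCfMarkup" returntype="string" output="false"
            hint="Escapes CFML tag openers in every simple field of a scope; returns the list of fields that contained one.">
    <cfargument name="scope" type="struct" required="true">
    <cfset var key = "">
    <cfset var flagged = "">
    <!--- Matches <cf or </cf followed by a letter or underscore, in any case:
          <cfquery, </CFOUTPUT, <cf_customtag --->
    <cfset var cfTag = "<(/?)(cf[a-z_])">
    <cfloop collection="#arguments.scope#" item="key">
        <cfif isSimpleValue(arguments.scope[key]) and REFindNoCase(cfTag, arguments.scope[key])>
            <!--- Record the field name so the caller can log or reject the submission --->
            <cfset flagged = listAppend(flagged, key)>
            <!--- Keep the text but replace the opening bracket so it can no longer parse as a tag --->
            <cfset arguments.scope[key] = REReplaceNoCase(arguments.scope[key], cfTag, "&lt;\1\2", "all")>
        </cfif>
    </cfloop>
    <cfreturn flagged>
</cffunction>

<!--- Constructed sample input standing in for a submitted form --->
<cfset sample = structNew()>
<cfset sample.name = "Michael">
<cfset sample.comment = "Nice site <CFQUERY name='q' datasource='x'>select 1</cfquery>">

<!--- Structs are passed by reference, so the sample is modified in place --->
<cfset hits = neutralizeCfMarkup(sample)>
<cfoutput>
    Flagged fields: #hits#<br>
    Stored value: #HTMLEditFormat(sample.comment)#
</cfoutput>
```

In a real page the call would be `neutralizeCfMarkup(form)` before the values are stored or displayed, with the returned field list written to the application log.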

