Why would anyone need to clean cfcode? Unless you save user input to a file and cfinclude it, it will not get executed.
FYI, to clean HTML and stuff, look for StripHTML on cflib.org.

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia
Email : [EMAIL PROTECTED]
Yahoo IM : morpheus
"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: Jennifer Larkin [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 18, 2001 7:14 PM
> To: CF-Talk
> Subject: RE: Forms and CF Code
>
> In addition to CF code, you may need to strip out other characters to avoid
> SQL hacks and such. If I can, I strip all < > ; # % * ' ( ) and , with
> REReplace or use REFind to detect the nasty ones and throw an error
> message, including sending an email message to me. < and > eliminate the
> functionality of <CF..>. # can be icky if it comes up in a bad place. ( and
> ) missing will eliminate the functionality of a CF function. ; can be used
> in a query to do nasty things like execute a second SQL command in your
> CFQuery and drop your tables. % is a SQL wildcard so a user could get more
> returns than you want them to. , has caused me a lot of problems when I try
> to dump the data to a text file. * just makes me nervous. *twitch*
>
> At 04:02 PM 12/18/01 -0700, you wrote:
> >I wrote a simple routine that would loop through all the form elements,
> >strip out HTML, and change single quotes to chr(97). It'd be easy enough to
> >do something similar for cfcode - just check for the <CF or specific CF
> >functions. A simple search/replace, or regular expression can handle this.
> >
> >If you need it, I can dig out my routine, but it's simple enough that it can
> >be recreated from scratch in about 30 minutes.
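An added example, not code from any post in this thread, of the REFind/REReplace check Jennifer describes, with the query itself using cfqueryparam so the SQL characters she worries about are passed as data rather than stripped. The form field name, datasource and mail addresses are assumptions.

```cfml
<!--- Added example (not from the thread). Character class is the set from
      Jennifer's post: < > ; # % * ' ( ) and ,  (# is written ## inside a CFML string) --->
<cfscript>
// Returns the 1-based position of the first risky character, 0 if none.
function findRiskyChar(s) {
    return REFind("[<>;##%*'(),]", s);
}

// Strips every risky character, for fields that must end up as plain text.
function stripRiskyChars(s) {
    return REReplace(s, "[<>;##%*'(),]", "", "ALL");
}
</cfscript>

<!--- Assumed form field name --->
<cfset userName = Form.userName>

<cfif findRiskyChar(userName) GT 0>
    <!--- Reject and notify, as the post suggests; addresses are placeholders --->
    <cfmail to="admin@example.com" from="app@example.com" subject="Rejected form input">
        Field userName contained a rejected character at position #findRiskyChar(userName)#
    </cfmail>
    <cfthrow message="Input contains characters that are not allowed.">
</cfif>

<!--- For the query, stripping characters is not the fix: bind the value with
      cfqueryparam so ; ' and % are data, not SQL syntax. Datasource name is assumed. --->
<cfquery name="q" datasource="myDSN">
    SELECT id FROM users
    WHERE userName = <cfqueryparam value="#userName#" cfsqltype="cf_sql_varchar">
</cfquery>
```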

