Robert Everland wrote: > Or just add this to your application .cfm, allaire released it a while ago. > Works great. The tag is from <cfsilent> to </cfsilent> > > <cfmodule > template="customTags/inputfilter.cfm" > scopes = "FORM,COOKIE,URL" > chars = "),(,%,&,$,*,<,>,;" > tags = > "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,ME > TA,TABLE,TD,TH,TR,HEAD,BODY,FONT,A,IMG,B,U,I,OL,UL">
You should be a little carefull with tags like this. For instance, not specifying any chars in combination with a form entry like below is still dangerous: <<object>script language="javascript> window.location = "http://www.macromedia.com";; </script> It should be fun if somebody posts that on your forum :) Jochem ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
