Hello, everyone. I'm losing my mind swimming through the issue of filtering input variable scopes to stave off attacks. Something occurred to me: Why not just loop through all input variables and put them into HTMLEditFormat?
I know that this won't take care of SQL attacks, but in terms of scripting attacks, won't the simple replacement of < and > take care of it all? I suppose that it might not handle problems where the form variable is dynamically evaluated within a tag to generate a portion of the CFML code itself, but given that those are rare cases in my situation, why can't I just replace < and > and then apply special security measures to those rare cases?

Thanks,
Matthieu

______________________________________________________________________
Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
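An added illustration of the gap in the "just replace < and >" idea (this is example code written for this note, not from the post or from ColdFusion; it uses Python's html.escape in place of HTMLEditFormat and a constructed form value). Stripping angle brackets does stop a value from opening a new tag in text context, but a value echoed inside a quoted attribute can still close that attribute with a plain double quote and add attributes of its own, which is why output encoding has to cover quotes too and be chosen for the context the value lands in.

```python
import html
from html.parser import HTMLParser

# Constructed sample form value: contains no < or >, only a double quote.
CONSTRUCTED_VALUE = 'Smith" data-injected="yes'


def angle_only(value: str) -> str:
    """The filter proposed in the post: escape only < and >."""
    return value.replace("<", "&lt;").replace(">", "&gt;")


def encode_for_html(value: str) -> str:
    """Full entity encoding: & < > " and ' all become entities."""
    return html.escape(value, quote=True)


def render_attr(value: str, encoder) -> str:
    """Render the value inside a double-quoted attribute, as a template would."""
    return '<input type="text" value="%s">' % encoder(value)


class _InputAttrs(HTMLParser):
    """Collects the attributes the browser-side parser sees on the <input> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = attrs


def attributes_after(value: str, encoder) -> dict:
    """Parse the rendered tag and return its attributes as a dict.

    With angle_only, the quote in the value terminates the attribute and
    the parser sees a third, injected attribute; with encode_for_html the
    whole value stays inside the value attribute.
    """
    parser = _InputAttrs()
    parser.feed(render_attr(value, encoder))
    return dict(parser.attrs)


if __name__ == "__main__":
    print(attributes_after(CONSTRUCTED_VALUE, angle_only))
    print(attributes_after(CONSTRUCTED_VALUE, encode_for_html))
```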

