That's what I thought, but I was just checking that there isn't a way to get it to run :-)

cheers
jamo

> is the code stored in a db?
>
> if so, the code won't run when it's output.
>
> There's no evaluate() function for blocks of code...
>
>
> On Wed, 3 Nov 2004 21:15:42 +1100, Jamie Lawrence Jenner
> <[EMAIL PROTECTED]> wrote:
> > hi,
> >
> > I have created a CMS ecommerce system, which allows the user to insert
> > HTML to customise their pages. I am paranoid about the security aspects as
> > all users share the same datasource.
> >
> > Basically, I don't want any CF code to be inserted into the db, then used
> > in a malicious way on the db. So far, I have in place a load of find/replace
> > functions which replace <cf, <cfscript> blocks, <script> blocks etc. I also
> > replace > and < with their HTML equivalent. Then convert them back on output.
> > Is there anything else I should be doing?
> >
> > cheers in advance
> >
> > Jamo
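
An allow-list alternative to the find/replace filtering described in the question, as an added example that is not from the thread or from either poster. It is written in Python for illustration rather than CFML, and the tag list, URL prefixes and function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for this example; the thread does not specify one.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "h2", "h3", "a"}
VOID_TAGS = {"br"}
SAFE_URL_PREFIXES = ("http://", "https://")
# Constructed sample input, not taken from the thread.
SAMPLE = '<cfquery name="q">select 1</cfquery><p>Hi <b>there</b><script>x</script>'

class AllowListSanitizer(HTMLParser):
    """Re-emit only allow-listed tags; all other markup is dropped, all text escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # <script>, <cfquery>, <iframe>, ... never reach the output
        kept = ""
        if tag == "a":  # the only attribute kept is an http(s) href
            href = dict(attrs).get("href") or ""
            if href.lower().startswith(SAFE_URL_PREFIXES):
                kept = ' href="%s"' % escape(href, quote=True)
        self.out.append("<%s%s>" % (tag, kept))
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        # Close only what was opened, so stray end tags cannot unbalance the page.
        if tag in self.open_tags:
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is emitted as data only

def sanitize(fragment):
    parser = AllowListSanitizer()
    parser.feed(fragment)
    parser.close()  # flush text buffered by convert_charrefs
    tail = "".join("</%s>" % t for t in reversed(parser.open_tags))
    return "".join(parser.out) + tail

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Because the output is rebuilt from parsed tokens, nothing has to be converted back on display: text stays escaped and only the listed tags are ever written out.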
