Hey guys and gals,

Attached is a CFC that we're going to use to filter certain content out of ALL forms on our site. It's really just a modified version of the cf_contentfilter custom tag on MM's site. Its purpose is to remove potentially malicious code such as SCRIPT and IFRAME tags from form inputs.

In our implementation we store it in the application scope and then call the ApplyFilter method at the end of our application.cfm. ApplyFilter loops over the form scope and removes the unwanted elements. Obviously this needs to be handled carefully since it's being stored in the application scope, so I was wondering if you might take a look at it to make sure I haven't missed anything. I have attached a stripped-down version of our application.cfm and a test script as well. Any feedback would be appreciated.

Thanks in advance,
Roland
Attachments (binary data, not shown inline): ScopeFilter.cfc, application.cfm, test.cfm
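As an added sketch of the shape such a component might take (my own illustration, not Roland's attached ScopeFilter.cfc, whose contents are not in the message; the method and argument names are assumptions): because the instance lives in the application scope and is shared by every request, each method declares all of its locals with `var` so nothing leaks into the shared `variables` scope, matching is case-insensitive, and the replacement is repeated until the value stops changing so that a tag exposed by one pass does not survive to the next.

```cfml
<!--- ScopeFilter.cfc (assumed layout; application-scoped, so every local is var-scoped) --->
<cfcomponent output="false">

    <!--- Tag names to strip; read-only instance data, so no lock is needed around it --->
    <cfset variables.blockedTags = "script,iframe">

    <cffunction name="applyFilter" access="public" returntype="void" output="false"
                hint="Rewrites every simple value in the given scope (e.g. FORM) in place.">
        <cfargument name="scope" type="struct" required="true">
        <cfset var key = "">
        <!--- Structs are passed by reference, so assigning into arguments.scope changes the caller's FORM --->
        <cfloop collection="#arguments.scope#" item="key">
            <cfif isSimpleValue(arguments.scope[key])>
                <cfset arguments.scope[key] = cleanValue(arguments.scope[key])>
            </cfif>
        </cfloop>
    </cffunction>

    <cffunction name="cleanValue" access="public" returntype="string" output="false"
                hint="Removes opening and closing SCRIPT/IFRAME tags, repeating until nothing changes.">
        <cfargument name="value" type="string" required="true">
        <cfset var result = arguments.value>
        <cfset var previous = "">
        <cfset var tag = "">
        <!--- A single pass can leave a complete tag behind once an inner one is removed, so loop until stable --->
        <cfloop condition="result NEQ previous">
            <cfset previous = result>
            <cfloop list="#variables.blockedTags#" index="tag">
                <!--- Case-insensitive; tolerates whitespace after '<' and attributes inside the tag --->
                <cfset result = REReplaceNoCase(result, "<\s*/?\s*#tag#[^>]*>", "", "all")>
            </cfloop>
        </cfloop>
        <cfreturn result>
    </cffunction>

</cfcomponent>
```

Called from application.cfm as `<cfset application.scopeFilter.applyFilter(form)>` (assumed variable name). Stripping tags this way only narrows what reaches the application; values should still be encoded with HTMLEditFormat() wherever they are written back into a page, since the filter passes through anything not on its short tag list.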
