Well, I'm not sure you've "missed" anything, but since you are asking for
comments.....

First off, I think you might be better off passing the scope in by reference
rather than by name, which would prevent you from needing to use evaluate()
and do all that looping.  You could then do something like this in your
Application.cfm file:

<CFSET application.oScopeFilter.ApplyFilter(form)>

So, you see there that rather than passing the string "FORM" to the init,
you just pass a reference to the whole scope to the method itself.  That way
you can just loop through the keys of whatever struct is passed in to do the
filtering.  This will make your code cleaner and faster inside the
component, and give you more flexibility about the ways you can use a single
instance of your ScopeFilter component.  For instance, you could call it
conditionally on a given page to filter a specific struct that might have
come from somewhere else (or to filter the URL scope, for example).

From a functionality standpoint, the one thing you might also want to think
about stripping is javascript strings that can occur inside of otherwise
"friendly" tags.  For instance,
"onClick,onDblClick,onKeyDown,onKeyPress,onKeyUp,onMouseDown,onMouseOut,onMouseUp,onMouseOver,onBlur,onChange,onFocus,onSelect,javascript:"
To see one way to handle that, check out the safeText() UDF at CFLIB.org that
I built a while back:

http://cflib.org/udf.cfm?ID=56

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Roland Collins
> Sent: Tuesday, March 23, 2004 10:21 PM
> To: [EMAIL PROTECTED]
> Subject: [CFCDev] Application scoped CFC for filtering
>
>
> Hey guys and gals,
>
> Attached is a CFC that we're going to use to filter certain content out of
> ALL forms on our site.  It's really just a modified version of the
> cf_contentfilter custom tag on MM's site.  Its purpose is to remove
> potentially malicious code such as SCRIPT and IFRAME tags from
> form inputs.
>
> In our implementation we store it in the application scope and
> then call the
> ApplyFilter method at the end of our application.cfm.  ApplyFilter loops
> over the form scope and removes the unwanted elements.  Obviously
> this needs
> to be handled carefully since it's being stored in the
> application scope, so
> I was wondering if you might take a look at it to make sure I
> haven't missed
> anything.  I have attached a stripped-down version of our application.cfm
> and a test script as well.
>
> Any feedback would be appreciated.
>
> Thanks in advance,
> Roland
>

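The by-reference ScopeFilter the reply suggests, written out as an added example (not the CFC attached to the original post, and not the CFLIB safeText() UDF). The component name, method names and the blocked-tag list are assumptions; the event-handler attribute list is the one quoted in the reply.

```cfml
<!--- ScopeFilter.cfc (added example; not the CFC attached to the original post
      nor the CFLIB safeText() UDF). Names and the blockedTags list are assumptions. --->
<cfcomponent output="false">

    <cffunction name="init" access="public" returntype="any" output="false">
        <!--- tags removed outright (open and close), leaving their contents as inert text --->
        <cfset variables.blockedTags = "script,iframe,object,embed">
        <!--- event-handler attributes named in the reply, plus javascript: URLs --->
        <cfset variables.eventAttrs = "onClick,onDblClick,onKeyDown,onKeyPress,onKeyUp,onMouseDown,onMouseOut,onMouseUp,onMouseOver,onBlur,onChange,onFocus,onSelect">
        <!--- matches  onXxx="..." / onXxx='...' / onXxx=bare  including the leading whitespace --->
        <cfset variables.eventAttrRegex = "\s+(#listChangeDelims(variables.eventAttrs, '|')#)\s*=\s*(""[^""]*""|'[^']*'|[^\s>]+)">
        <cfset variables.jsUrlRegex = "javascript\s*:">
        <cfreturn this>
    </cffunction>

    <cffunction name="filterString" access="public" returntype="string" output="false">
        <cfargument name="text" type="string" required="true">
        <cfset var result = arguments.text>
        <cfset var tag = "">
        <!--- strip <tag ...> and </tag> for each blocked tag, case-insensitively --->
        <cfloop list="#variables.blockedTags#" index="tag">
            <cfset result = reReplaceNoCase(result, "</?#tag#(\s[^>]*)?>", "", "all")>
        </cfloop>
        <!--- strip on* handlers hiding inside otherwise "friendly" tags, then javascript: URLs --->
        <cfset result = reReplaceNoCase(result, variables.eventAttrRegex, "", "all")>
        <cfset result = reReplaceNoCase(result, variables.jsUrlRegex, "", "all")>
        <cfreturn result>
    </cffunction>

    <cffunction name="applyFilter" access="public" returntype="void" output="false">
        <!--- structs are passed by reference, so FORM, URL or any other struct is cleaned in place;
              no evaluate() and no scope name needed --->
        <cfargument name="scope" type="struct" required="true">
        <cfset var key = "">
        <cfloop collection="#arguments.scope#" item="key">
            <cfif isSimpleValue(arguments.scope[key])>
                <cfset arguments.scope[key] = filterString(arguments.scope[key])>
            </cfif>
        </cfloop>
    </cffunction>

</cfcomponent>
```

Create it once into the application scope with CreateObject("component", "ScopeFilter").init() and call application.oScopeFilter.applyFilter(form) (or applyFilter(url)) from Application.cfm as the reply shows. Because this is a blacklist, it only narrows what reaches the page; keep HTMLEditFormat() on every value at output time as the primary control.
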
CFCDev is run by CFCZone (www.cfczone.org) and supported
by Mindtool, Corporation (www.mindtool.com).

An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]