Chuck,

Just a small point about cfqueryparam. It will not prevent XSS, just most SQL injection attacks. So Portcullis covers those other areas as well.

John
[email protected]
twitter: john_mason_

On Tue, Nov 24, 2009 at 1:28 PM, Chuck <[email protected]> wrote:

> Good stuff. Another point to remember to always use cfqueryparam, but
> another line of defense doesn't hurt, especially for the img example.
> Which doesn't show in Firefox by the way, so is it only an issue with
> IE?
>
> --
> Model-Glue Sites:
> Home Page: http://www.model-glue.com
> Documentation: http://docs.model-glue.com
> Bug Tracker: http://bugs.model-glue.com
> Blog: http://www.model-glue.com/blog
>
> You received this message because you are subscribed to the Google
> Groups "model-glue" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to [email protected]
> For more options, visit this group at
> http://groups.google.com/group/model-glue?hl=en
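
Added example, not part of the original thread: a CFML sketch of the distinction made in the reply above, where cfqueryparam protects the SQL statement but the stored value still needs HTML encoding when it is rendered. The datasource `exampleDSN`, the `comments` table and the `userComment` variable are hypothetical names, and the sample input is constructed.

```cfml
<!--- Constructed sample input: markup typed into a comment field. --->
<cfset userComment = '<img src="placeholder.png" alt="constructed sample">'>

<!---
  Write path. cfqueryparam binds the value as data, so it cannot change
  the structure of the SQL statement. It does not alter the value itself:
  the markup is stored exactly as submitted.
  (exampleDSN and the comments table are hypothetical.)
--->
<cfquery name="addComment" datasource="exampleDSN">
    INSERT INTO comments (body)
    VALUES (
        <cfqueryparam value="#userComment#"
                      cfsqltype="cf_sql_varchar"
                      maxlength="2000">
    )
</cfquery>

<cfquery name="getComments" datasource="exampleDSN">
    SELECT body
    FROM comments
</cfquery>

<!---
  Read path, unencoded. The browser parses the stored value as HTML,
  so the img tag becomes a live element on the page. cfqueryparam on
  the write path did nothing to prevent this.
--->
<cfoutput query="getComments">
    <p>#getComments.body#</p>
</cfoutput>

<!---
  Read path, encoded. HTMLEditFormat() converts <, >, & and the double
  quote to entities, so the value is displayed as text instead of being
  parsed as markup. On ColdFusion 10 and later, encodeForHTML() is the
  stronger choice for HTML body context.
--->
<cfoutput query="getComments">
    <p>#HTMLEditFormat(getComments.body)#</p>
</cfoutput>
```

Encoding at output covers stored values regardless of how they reached the database, which is why it is a separate control from query parameterization and from request-level input filtering.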
