On 8/7/07, Paul Vernon wrote:
> I guess I should qualify that and say, use HTMLEditFormat() and
> HTMLCodeFormat() on any *untrusted* user submitted content.
What's this "trust" thing of which you speak? :-)
I was trying to find a catch-all for cfquery cuz I just went thru this
same deal a
> > For XSS then you really should be looking at using HTMLEditFormat()
> > and
> > HTMLCodeFormat() to make any user submitted content safe.
>
> Damn. What does that do to WYSIWYG stuff?!?! And CF8 has this shiny
> DHTML editor...
>
I guess I should qualify that and say, use HTMLEditFormat() an
On 8/6/07, Paul Vernon wrote:
> I don't know how many times we've seen the subject of this thread over the
> last few years but it generally ends with Jochem blowing holes in every type
> of contrived SQL injection protection and the general consensus ends up
> being if you are worried about SQL in
I don't know how many times we've seen the subject of this thread over the
last few years but it generally ends with Jochem blowing holes in every type
of contrived SQL injection protection and the general consensus ends up
being if you are worried about SQL injection, use CFQUERYPARAM.
For XSS th
On 8/6/07, Justin Scott wrote:
> > Anyways, while I'm percolating, anyone have any
> > ideas? Doable, not-doable, done? Hmmm
>
> There was a link to a site earlier today where I found an XSSBlock custom
> CFML tag that has an option to block basic SQL injection attacks:
>
> http://www.illumine
> Anyways, while I'm percolating, anyone have any
> ideas? Doable, not-doable, done? Hmmm
There was a link to a site earlier today where I found an XSSBlock custom
CFML tag that has an option to block basic SQL injection attacks:
http://www.illumineti.com/documents/xssblock.txt
-Justin Sco
I've inherited a fusebox site that doesn't seem to have much
in the way of cfqueryparamed user-entered variables...
There are a bunch of queries, so I'm thinking of how I could
work lazy-er and yet fun-er. It's been a bit since I messed
with FB, but I was thinking perhaps I could create a circuit