This fix is needed if Global Script Protection is not
enabled. I wonder if it's a vulnerability if Global Script
Protection is ON and a specific application disables the
script protection using the scriptProtect parameter of the
cfapplication tag.
Anybody know?
Patch for XSS when
I'm not sure Chris,
It might be worth noting that scriptProtect does have a few holes in I think
so don't rely on it too much, put your own validation in place as well.
Rob
-Original Message-
From: Chris Norloff [mailto:[EMAIL PROTECTED]
Sent: 07 June 2007 15:33
To: CF-Talk
Subject:
2 matches
Mail list logo