- Enable Global Script Protection in your application. You can do this by setting the `this.scriptProtect` attribute in your Application.cfc (for example `this.scriptProtect = "all"` to cover the form, url, cookie and cgi scopes). Note that Global Script Protection only strips a fixed set of tags (script, object, embed, applet, meta and the like) from incoming data; it is not a complete XSS defense on its own.
- You can also enable script protection globally at the server level via the ColdFusion Administrator: under Settings, check Enable Global Script Protection.
- Use HTMLEditFormat around ANY variable that contains user-submitted input when you output it into an HTML page. HTMLEditFormat escapes `<`, `>`, `&` and `"`, so it is appropriate for HTML body text and double-quoted attributes, but not for single-quoted attributes, JavaScript blocks or URLs; on ColdFusion 10 and later, encodeForHTML() and its sibling encodeFor* functions are the preferred, context-specific replacements.
- Search for and remove any malicious data as a secondary measure. Replace script tags, etc… with nothing. Treat this as defense in depth only: blacklist stripping is easy to bypass, and output encoding is what actually prevents the injected markup from executing.
- Validate user-submitted input on the server side. Check data types and lengths, and prefer whitelist rules (allowed characters, ranges, formats) over trying to enumerate bad input.
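The steps above combined in one place, as an added example that is not from the original page: a minimal Application.cfc that turns on `scriptProtect`, and a form handler (a constructed page called comment.cfm) that validates type and length on the server, strips script tags as a secondary measure, and HTMLEditFormat-encodes everything it echoes back. The application name and the form field names (`author`, `comment`) are assumptions made for the example.

```cfml
<!--- ===== Application.cfc (constructed example) ===== --->
<cfcomponent output="false">
    <!--- hypothetical application name --->
    <cfset this.name = "XssDemoApp">
    <!--- Global Script Protection for all request scopes (form, url, cookie, cgi).
          A scope list such as "form,url" is also accepted; "none" disables it. --->
    <cfset this.scriptProtect = "all">
</cfcomponent>

<!--- ===== comment.cfm (constructed example): handles a POSTed comment form ===== --->
<cfparam name="form.author"  default="">
<cfparam name="form.comment" default="">

<cfset errors = []>

<!--- Server-side validation: data type and length.
      Whitelist of allowed characters and a hard length cap for the author name. --->
<cfif NOT isValid("regex", form.author, "^[A-Za-z0-9 ._-]{1,40}$")>
    <cfset arrayAppend(errors, "Author must be 1-40 letters, digits, spaces or . _ -")>
</cfif>

<!--- Free text, so only the length is constrained; encoding handles the content. --->
<cfif len(form.comment) EQ 0 OR len(form.comment) GT 1000>
    <cfset arrayAppend(errors, "Comment must be between 1 and 1000 characters")>
</cfif>

<!--- Secondary measure from the list above: drop script tags outright.
      This is defense in depth only; the HTMLEditFormat calls below are the real control. --->
<cfset cleanComment = reReplaceNoCase(form.comment, "<\s*/?\s*script[^>]*>", "", "all")>

<cfoutput>
<cfif arrayLen(errors) GT 0>
    <h2>Please fix the following:</h2>
    <ul>
    <cfloop array="#errors#" index="msg">
        <li>#HTMLEditFormat(msg)#</li>
    </cfloop>
    </ul>
<cfelse>
    <!--- VULNERABLE (do not do this): raw user input written into the page
          <p><strong>#form.author#</strong> wrote:</p>
          <p>#form.comment#</p>
    --->

    <!--- HARDENED: every user-controlled value is HTML-encoded at the point of output.
          HTMLEditFormat escapes < > & and ", so it is safe for HTML text and
          double-quoted attributes. On ColdFusion 10+ use encodeForHTML() /
          encodeForHTMLAttribute() / encodeForJavaScript() for each output context. --->
    <p><strong>#HTMLEditFormat(form.author)#</strong> wrote:</p>
    <p data-author="#HTMLEditFormat(form.author)#">#HTMLEditFormat(cleanComment)#</p>
</cfif>
</cfoutput>
```

Posting `author=<script>alert(1)</script>` fails the regex check and is rejected before any output; posting a comment containing `<img src=x onerror=alert(1)>` passes validation (it is within the length cap and not a script tag) but renders as literal text, because HTMLEditFormat turns the angle brackets into `&lt;` and `&gt;`. That second case is why encoding, not stripping, is the step that actually stops XSS.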