How to prevent cross site scripting in ColdFusion. Useful page from The Dev Shack:
http://www.thedevshack.com/preventing-xss-cross-site-scripting-attacks-in-coldfusion/
Essentially:
- Enable Global Script Protection in your application. You can accomplish this by using the scriptProtect attribute in your application.cfc.
- You can also globally enable script protection at the server level via the ColdFusion Administrator. Under settings check Enable Global Script Protection.
- Use HTMLEditFormat around ANY variables that contain user submitted input.
- Search for and strip any malicious data. Replace script tags, etc. with nothing.
- Validate user submitted input on the server side. Check data types and lengths.
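The list above, worked through in CFML as an added example (not code from The Dev Shack page): an Application.cfc that turns on script protection, and a comment page that validates its input and encodes it with HTMLEditFormat on output. The file names, field names and the author-name pattern are assumptions for the demo.

```cfml
<!--- Application.cfc (assumed file name): step 1, global script protection --->
component {
    this.name = "xssdemo";               // assumed application name
    // "all" applies script protection to the form, url, cookie and cgi scopes
    this.scriptProtect = "all";
}

<!--- comment.cfm (assumed file name): steps 3 and 5 --->
<cfparam name="form.author" default="">
<cfparam name="form.comment" default="">

<!--- Step 5: validate type and length on the server side before using the data --->
<cfif NOT isValid("regex", form.author, "^[A-Za-z0-9 ._-]{1,40}$")>
    <cfthrow message="Invalid author name">
</cfif>
<cfif len(form.comment) GT 1000>
    <cfthrow message="Comment too long">
</cfif>

<!--- Vulnerable pattern (kept commented out): raw user input echoed into the page.
      A comment containing <script>...</script> would execute in every visitor's browser.
<cfoutput><p>#form.comment#</p></cfoutput>
--->

<!--- Step 3: HTMLEditFormat encodes &, <, > and " so the browser renders the
      input as text instead of markup. It does not encode the single quote,
      so always wrap attributes that carry user data in double quotes. --->
<cfoutput>
    <p data-author="#HTMLEditFormat(form.author)#">
        #HTMLEditFormat(form.comment)#
    </p>
</cfoutput>
```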
Comments
Aaron Greenlee
htp://www.aarongreenlee.com/