I tend to use Ray's StripHTML... http://www.cflib.org/udf.cfm?ID=12
And then something like...

<CFLOOP COLLECTION="#FORM#" ITEM="itmField">
    <CFSET "FORM.#itmField#" = StripHTML(FORM[itmField])>
</CFLOOP>

On the action page...

The only thing you need to watch out for is that if you are uploading files these should not be in the loop so <CFIF> them out...

HTH

-----Original Message-----
From: Cantrell, Adam [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 16:02
To: CF-Community
Subject: securing forms/user input

In a past life I've done this before, but I was hoping somebody could give me a refresher. How are you guys generally dealing with people entering things like:

<IMG SRC="javascript:alert('unsecure')">

into text inputs on your websites? Do you just use #htmlEditFormat(form.myField)# on the action page? Does anyone have an online resource, or possibly a custom tag that deals with issues such as these?

Going live with a few sites next week and want to make sure I have all my bases covered with the $cr1p7 k1dd13 H4X0RZ!!!! $$Gr33tz$$
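
The action-page loop from the reply with the file-upload exclusion it describes, combined with the HTMLEditFormat output encoding raised in the original question. This is an added example, not code from either poster; the field names, the sample input and the regex stand-in for StripHTML are assumptions.

```cfml
<!--- Added example. "attachment" and "photo" are hypothetical names of
      <input type="file"> fields that must be kept out of the loop. --->
<cfset fileFields = "attachment,photo">

<!--- Constructed sample input so the page can be tried without a submitting form --->
<cfparam name="FORM.comment" default="<IMG SRC=""javascript:alert('unsecure')"">hello">
<cfparam name="FORM.attachment" default="">

<cfloop collection="#FORM#" item="itmField">
    <!--- FIELDNAMES is ColdFusion's own list of submitted field names; skip it
          along with the file fields --->
    <cfif itmField neq "FIELDNAMES" and not ListFindNoCase(fileFields, itmField)>
        <!--- Stand-in for the StripHTML() UDF (an assumption, not the cflib code):
              remove anything that looks like a tag --->
        <cfset FORM[itmField] = REReplaceNoCase(FORM[itmField], "<[^>]*>", "", "ALL")>
    </cfif>
</cfloop>

<cfoutput>
    <!--- Encode at the point of output as well, so a value that reaches the page
          by some other route (database, URL scope) is still rendered as text --->
    <p>#HTMLEditFormat(FORM.comment)#</p>
</cfoutput>
```

Stripping on input changes the stored data, while HTMLEditFormat only changes how it is rendered, so the two are complementary rather than interchangeable.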