I'm checking to see whether the original input (attributes.input) is the same as the scrubbed result (tmp). If caller.check GT 0 then I email myself the details and throw them out to google!
My theory being that if somebody is "playing" with the URLs I don't want to show them the scrubbed result (in case I've missed something), and for 99% of bona fide users the caller.check will always return "0" - in which case I do nothing.
<!--- Only compare when the caller asks for it; caller.check is 0 when the scrub changed nothing --->
<cfif attributes.compare_strings is "compare">
<cfset caller.check=CompareNoCase(attributes.input,tmp)>
</cfif>
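Both sides of that pattern, as an added example rather than the poster's code or CodeCleaner's own: a hypothetical stand-in tag (`scrubcheck.cfm`, with a placeholder ReReplaceNoCase in place of CodeCleaner's real rules) sets `caller.check`, and the calling page logs, mails and redirects only when the comparison is non-zero. The datasource, mail addresses and `url.id` parameter are assumptions.

```cfml
<!--- scrubcheck.cfm: hypothetical stand-in for CodeCleaner (assumed logic, not the real tag) --->
<cfparam name="attributes.input" type="string">
<cfparam name="attributes.compare_strings" type="string" default="">

<!--- Placeholder scrub: strip angle brackets, quotes, semicolons and SQL comment markers.
      The real CodeCleaner rules differ; this only illustrates the compare step. --->
<cfset tmp = ReReplaceNoCase(attributes.input, "[<>'""]|--|;", "", "ALL")>
<cfset caller.cleaned = tmp>

<cfif attributes.compare_strings is "compare">
    <!--- 0 when nothing was removed; non-zero (1 or -1) means the scrub altered the input.
          CompareNoCase is case-insensitive, so a scrub that only changed letter case
          would not be flagged; use Compare() if that matters. --->
    <cfset caller.check = CompareNoCase(attributes.input, tmp)>
</cfif>


<!--- Calling page (assumed): a URL parameter 'id' is scrubbed and compared before use --->
<cfparam name="url.id" default="">
<cf_scrubcheck input="#url.id#" compare_strings="compare">

<cfif check NEQ 0>
    <!--- Something was stripped: record it, alert the owner, and never use the scrubbed value --->
    <cflog file="tamper" type="warning"
           text="Suspicious URL param id=[#url.id#] from #cgi.remote_addr#">
    <cfmail to="admin@example.com" from="app@example.com" subject="Possible URL tampering">
        Original: #url.id#
        Scrubbed: #cleaned#
        IP: #cgi.remote_addr#
        Referer: #cgi.http_referer#
    </cfmail>
    <cflocation url="https://www.google.com" addtoken="no">
<cfelse>
    <!--- Clean input: still bind it with cfqueryparam rather than trusting the scrub alone --->
    <cfquery name="q" datasource="mydsn">
        SELECT title FROM articles
        WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    </cfquery>
</cfif>
```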
> CodeCleaner is an absolutely fantastic tag. Runs like lightning. I
> use cfqueryparam but nonetheless I still scrub form inputs with it.
>
> What did you need to modify in CodeCleaner to make it scrub urls? I
> glanced at it very quickly and it seems like it'll take whatever you
> feed it.
>
>
>
> --
> -------------------------------------------
> Matt Robertson, [EMAIL PROTECTED]
> MSB Designs, Inc. http://mysecretbase.com
> -------------------------------------------
>