Thanks for the fix too - I'm rolling that into my code right #now()# :-) On 2/16/06, Rick Root <[EMAIL PROTECTED]> wrote: > Robertson-Ravo, Neil (RX) wrote: > > What is the security risk? Many hands make light work... > > Basically, in CFAJAX 1.3, if you pass a string argument to a function, > and your string argument contains # escaped CFML code, the CFML executes > on the server.
-- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:232441 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54