Thanks for the suggestion Jacob.1

-----Original Message-----
From: Munson, Jacob [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 28, 2006 8:23 AM
To: CF-Talk
Subject: RE: weird VB exploit

One security rule I've learned is that instead of blocking known problems (à la virus definitions), one should only allow safe stuff and block everything else. In your case, instead of blocking iframe, and then later finding out something else is a problem, create a small list of formatting tags that you want to allow, and block /everything/ else. A simple regular expression will do this for you. Search the archives, I've seen a few questions where folks have done this.
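
The allowlist approach described in the message above, as an added example that is not part of the original thread: it uses Python's `html.parser` instead of a regular expression, and the tag list and the `sanitize` name are assumptions chosen for illustration.

```python
# Added example: allowlist-based HTML filtering (constructed, not from the thread).
from html import escape
from html.parser import HTMLParser

# Assumed allowlist of harmless formatting tags; adjust to what the site needs.
ALLOWED_TAGS = {"b", "i", "em", "strong", "u", "p", "br", "ul", "ol", "li"}
VOID_TAGS = {"br"}  # tags that never get a closing tag
# Elements whose text content is dropped along with the tag itself.
DROP_CONTENT = {"script", "style"}


class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            # Attributes are never copied, so onclick=, style=, src= all vanish.
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # Re-encode text so stray < and > stay inert in the output.
            self.out.append(escape(data))


def sanitize(html_text):
    """Return html_text with every tag outside ALLOWED_TAGS removed."""
    f = AllowlistFilter()
    f.feed(html_text)
    f.close()  # flush any text still buffered by the parser
    return "".join(f.out)
```

Anything not named in `ALLOWED_TAGS` (iframe, img, object, comments, future tags nobody has thought of yet) is dropped by default, which is the point of the rule.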