Surely there can be no real justification for them to do JS which you do not provide as a developer?

-----Original Message-----
From: Matt Robertson
To: CF-Talk
Sent: Tue Mar 06 22:45:44 2007
Subject: Re: XSS - Cross Site Scripting

On 3/6/07, Dave Watts <[EMAIL PROTECTED]> wrote:
> And, if you're going to allow users to provide arbitrary JavaScript,

It's what the client demanded and based on their needs it was a justifiable request.

By 'draconian' I meant that the protection is applied to all form inputs, regardless of user authentication or anything else you as a developer want to throw into the mix. Throwing a complete blanket over everything without regard to allowing individual exceptions is where I have a problem.

By all means protect yourself from XSS, but I disagree with a system that doesn't allow you to bypass the rules as a developer if there's a good reason to do so.

--
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271794