>> DP_ParseBBML) has this flaw, I just tested it.

I looked at all the open source CF based forums I could find and they all
had the same flaw. Many used the DP_ParseBBML module or some variation on
it.  

>> Basically, I think if you prevent conversion of images with quotes,
>> this goes away.

That was my thinking as well. Or more precisely, what I knew would stop the
existing attack.  What I did was modify the [IMG] conversion routine to
disallow both standard and single quotes, either bare or encoded.  I also
disallowed the semicolon ";" because that can be used to chain script commands.
But I am sure this is not a proper sanitization of the input.

// strip double and single quotes, bare and URL-encoded
src = replaceNoCase(src, "#chr(34)#", "", "ALL");
src = replaceNoCase(src, "#chr(39)#", "", "ALL");
src = replaceNoCase(src, "%22", "", "ALL");
// strip semicolons, bare and URL-encoded
src = replaceNoCase(src, ";", "", "ALL");
src = replaceNoCase(src, "%3B", "", "ALL");

I still feel this is a stop-gap or just a response-based approach and does
not fully sanitize the input.  I was hoping someone had existing code that
did, because as I said it was a freebie.  There is nothing like the panic of
13-16 year olds who get to see gay porn because a redirect was embedded in
the [IMG] tag of their favorite video game web forum.


If anyone has better ideas to prevent this type of abuse please share them.
Teenagers intent on doing mischief can be very clever and I am starting to
slow down a bit.



Dennis Powers
UXB Internet - A Website Design & Hosting Company
P.O. Box 6028
Wolcott, CT 06716
203-879-2844
http://www.uxbinternet.com
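An allowlist-based version of the [IMG] conversion the message above describes, as an added example that is not part of the original post or of DP_ParseBBML. It is written in Python rather than CFML so it can be run stand-alone; the function and variable names are my own, and the sample posts are constructed. Instead of stripping quotes and semicolons after the fact, it escapes the whole post first, accepts only http/https URLs built from URL-safe characters, and entity-encodes the value when it is placed in the src attribute, so a quote in the URL can never terminate the attribute.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# [img]...[/img] with a non-greedy body, case-insensitive (constructed tag syntax).
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

# Characters a URL may consist of. Quotes, whitespace, angle brackets and
# square brackets are deliberately absent, so they never reach the attribute.
URL_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#@!$&*+,;=%]*")


def safe_image_url(raw: str) -> Optional[str]:
    """Return the URL if it is an absolute http(s) URL made of allowed
    characters, otherwise None. Allowlist: anything unexpected is rejected."""
    url = raw.strip()
    if not url or len(url) > 2048 or not URL_CHARS.fullmatch(url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return url


def _replace_img(match: "re.Match[str]") -> str:
    # The body was entity-escaped with the rest of the post; undo that for
    # validation, then re-encode the accepted value for the attribute context.
    url = safe_image_url(html.unescape(match.group(1)))
    if url is None:
        return match.group(0)  # already escaped: renders as inert literal text
    return f'<img src="{html.escape(url, quote=True)}" alt="">'


def render_post(text: str) -> str:
    """Escape every raw tag in the post, then convert only valid [img] tags."""
    escaped = html.escape(text, quote=True)
    return IMG_TAG.sub(_replace_img, escaped)


if __name__ == "__main__":
    for sample in ("[img]http://example.com/a.gif?x=1&y=2[/img]",
                   '[img]http://example.com/a.gif"x[/img]',
                   "[img]ftp://example.com/a.gif[/img]",
                   "<b>hi</b> [IMG]https://example.com/b.png[/IMG]"):
        print(render_post(sample))
```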

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336013