>> trying to download the last version of CF4em >> check out the bbmlparser there.
I decided to spend an evening fully investigating the subject and looked at all the various BBML code routines in CF, PHP and Perl to see what I could glean. It looks like just about all the ones I could find have the same approach and the same basic vulnerabilities as the one in the forum I am fixing.

For basic formatting, like bold, italic, underline, etc., the process is straightforward and doesn't involve using any user input as part of the tag: just replace the entire [] tag with the entire <> tag. However, with URL, image and font-type tags, where the construction of the tag uses the user input as part of the HTML tag, just about all the routines I saw fail to sanitize the user input content used in the construction of the tag, allowing for the injection of JavaScript code.

Example: in an image tag like [img]image.gif[/img], almost all routines I found look for the start tag and end tag, then extract the middle, re-format the tags to HTML tags and re-insert the middle portion without checking it. Same for URL and Font tags. None of the routines I saw even validate or remove invalid characters for URI construction. So it is easy then for someone to add scripting by doing this:

[img]img.gif"onMouseOver="alert('gotcha');[/img]

For image and URL tags I test for and remove all quote tags and non-URI valid tags. The font tags were more difficult, since they may contain other tags between beginning and end; so, since hardly anyone was using the [font] tags and apparently most forums do not support them, I just removed them entirely.

Want to find holes in your code? Just dare 13-16 year olds to break it. :)

Dennis Powers
UXB Internet - A website Design and Hosting Company
P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844
W: http://www.uxbinternet.com
W: http://www.ctbusinesslist.com
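The two approaches described in the post, side by side, as an added example that is not Dennis's code nor any of the CF, PHP or Perl routines he looked at. It is written in Python rather than ColdFusion so it runs stand-alone. The function names, the sample posts and the RFC 3986 character class are my own assumptions; the only input taken from the post is its [img] injection string, reused here as the test case. The "naive" function reproduces the pattern the post criticises (extract the middle, drop it into the attribute unchecked). The "hardened" function follows the post's fix, stripping quotes and non-URI characters, and adds two steps the post does not mention: it requires an absolute http(s) URL and HTML-escapes everything it emits, so a tag whose content fails the check is shown back to the reader as plain text rather than becoming markup.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample posts. HOSTILE_POST is the injection string quoted in the post.
SAFE_POST = "Look: [img]http://example.com/img.gif[/img] and [url]http://example.com/[/url]"
HOSTILE_POST = "[img]img.gif\"onMouseOver=\"alert('gotcha');[/img]"

# [img]...[/img] and [url]...[/url]; the closing tag must match the opening one.
TAG_RE = re.compile(r"\[(img|url)\](.*?)\[/\1\]", re.IGNORECASE | re.DOTALL)


def naive_bbcode_to_html(text):
    """The pattern the post describes: locate the start and end tag, pull out the
    middle and drop it straight into the HTML attribute without checking it."""
    def render(m):
        inner = m.group(2)
        if m.group(1).lower() == "img":
            return '<img src="%s">' % inner
        return '<a href="%s">%s</a>' % (inner, inner)
    return TAG_RE.sub(render, text)


# Anything that is NOT a character RFC 3986 permits in a URI (unreserved, reserved, "%").
# Double quotes and whitespace are never valid URI characters, so they are removed here.
_NON_URI_CHAR = re.compile(r"[^A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]")
_ALLOWED_SCHEMES = {"http", "https"}   # assumption: the forum only links to web URLs


def clean_uri(raw):
    """Return a URI that may be embedded in an attribute, or None to reject it.

    Step 1 is the post's own fix (drop quotes and anything that is not a valid URI
    character). Step 2 is an addition: require an absolute http(s) URL so that
    whatever survives the stripping is still recognisably a link."""
    candidate = _NON_URI_CHAR.sub("", raw.strip())
    try:
        parts = urlsplit(candidate)
    except ValueError:            # e.g. malformed IPv6 brackets in the host part
        return None
    if parts.scheme.lower() not in _ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def hardened_bbcode_to_html(text):
    """Escape all literal text; emit a tag only when its content passes clean_uri().
    Rejected tag contents are shown back to the reader as escaped plain text."""
    out, pos = [], 0
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=True))   # text before the tag
        kind, inner = m.group(1).lower(), m.group(2)
        uri = clean_uri(inner)
        if uri is None:
            out.append(html.escape(inner, quote=True))             # render, do not interpret
        else:
            attr = html.escape(uri, quote=True)   # '&' -> '&amp;' etc.; quotes were stripped
            if kind == "img":
                out.append('<img src="%s">' % attr)
            else:
                out.append('<a href="%s">%s</a>' % (attr, attr))
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))                # text after the last tag
    return "".join(out)


if __name__ == "__main__":
    print(naive_bbcode_to_html(HOSTILE_POST))      # attribute injection succeeds
    print(hardened_bbcode_to_html(HOSTILE_POST))   # rendered as harmless escaped text
```

Running the module prints the naive output, in which the quote inside the post closes the src attribute and the rest of the string becomes a new event-handler attribute, followed by the hardened output, in which the same string is inert text. The escaping on output is the step that makes the stripping robust: even if a character slipped through the URI filter, html.escape() guarantees it cannot end the attribute.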
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359112