CF8 Administrator's Debugging Options

2011-01-04 Thread Richard Steele
I don't understand how the Debugging options with a specific IP Address works. If I check the Enable Robust Exception information on a production server (we have no development server) and include only a specific IP Address, our website still shows the Robust Exception information to ALL

Re: CF8 Administrator's Debugging Options

2011-01-04 Thread James Holmes
Visitors to your production server should never see the raw exception information, robust or not. Debugging should also be turned off on a production server. Create a custom exception handler template that either displays to you the necessary info based on IP address or alternatively sends to

Re: CF8 Administrator's Debugging Options

2011-01-04 Thread Dave Watts
If the Enable Robust Exception information is disabled and Enable Request Debugging Output is enabled, what information is then shown only to that specific IP address? Debug output is not the same as exception information. Every request, whether there's an exception or not, will generate

Re: CF8 Administrator's Debugging Options

2011-01-04 Thread Russ Michaels
Robust Exception information is the information that is displayed when an error occurs. Request Debugging Output is the debugging info that is displayed at the bottom of every page. Only Request Debugging Output will be restricted by IP address. You should leave this enabled on a production

Re: SOT: Show time in field on click

2011-01-04 Thread Orlini, Robert
Thanks much for the suggestion Michael. It does not seem to paste the date into the field though. Let me know please if I am missing something in my coding below: <script type="text/javascript"> function show_now() { var my_time = new Date(); document.myForm.myDate.value = my_time; } </script>

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
Javascript is case-sensitive. I notice your form field is named mydate instead of myDate On Tue, Jan 4, 2011 at 9:57 AM, Orlini, Robert rorl...@hwwilson.com wrote: Thanks much for the suggestion Michael. It does not seem to paste the date into the field though. Let me know please if I am

Re: SOT: Show time in field on click

2011-01-04 Thread Orlini, Robert
Still not showing when I click the button. I also tried putting my_time into the field. RO -Original Message- From: Michael Grant mgr...@modus.bz Sent: Tuesday, January 4, 2011 10:05am To: cf-talk cf-talk@houseoffusion.com Subject: Re: SOT: Show time in field on click Javascript is

Re: SOT: Show time in field on click

2011-01-04 Thread Ian Skinner
On 1/4/2011 7:16 AM, Orlini, Robert wrote: Still not showing when I click the button. I also tried putting my_time into the field. RO document.myForm.myDate.value = my_time; IIRC, I believe that those refer to the ID's of DOM elements, not names. Try changing your form to. form

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
I notice you've also got the wrong form name. Change the form name mydate to myDate and it will work. Like this: <script type="text/javascript"> function show_now() { var my_time = new Date(); document.myForm.myDate.value = my_time; } </script> <body bgcolor=#ff text=#00 link=#ff

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
No, they refer to the name attribute. Otherwise it's document.getElementById("myDate"). On Tue, Jan 4, 2011 at 10:26 AM, Ian Skinner h...@ilsweb.com wrote: On 1/4/2011 7:16 AM, Orlini, Robert wrote: Still not showing when I click the button. I also tried putting my_time into the field.

Re: SOT: Show time in field on click

2011-01-04 Thread Russ Michaels
try this document.getElementById('myDate').value = my_time; your field must have an id of myDate e.g. <input type="text" name="myDate" id="myDate"> Russ On Tue, Jan 4, 2011 at 3:27 PM, Michael Grant mgr...@modus.bz wrote: No, they refer to the name attribute. Otherwise it's

Re: SOT: Show time in field on click

2011-01-04 Thread Orlini, Robert
That did it. Thank you Mike and Russ! RO -Original Message- From: Russ Michaels r...@michaels.me.uk Sent: Tuesday, January 4, 2011 10:36am To: cf-talk cf-talk@houseoffusion.com Subject: Re: SOT: Show time in field on click try this document.getElementById('myDate').value = my_time;

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
That's not true at all. You don't need id defined. The following code is completely functional. <html> <head> <script type="text/javascript"> function show_now() { var my_time = new Date(); document.myForm.myDate.value = my_time; } </script> </head> <body> <form name="myForm"> <input name="myDate" type="text"

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
You're welcome. Just remember that javascript is case-sensitive. On Tue, Jan 4, 2011 at 10:39 AM, Orlini, Robert rorl...@hwwilson.com wrote: That did it. Thank you Mike and Russ! RO -Original Message- From: Russ Michaels r...@michaels.me.uk Sent: Tuesday, January 4, 2011 10:36am

Re: SOT: Show time in field on click

2011-01-04 Thread Orlini, Robert
Russ/Mike, Is there a way just to show the time and not the date? <script type="text/javascript"> function show_now() { var my_time = new Date(); document.getElementById('myDate').value = my_time; } </script> -Original Message- From: Russ Michaels r...@michaels.me.uk Sent: Tuesday, January

Re: SOT: Show time in field on click

2011-01-04 Thread Ian Skinner
On 1/4/2011 7:44 AM, Orlini, Robert wrote: Russ/Mike, Is there a way just to show the time and not the date? Use the appropriate methods of the date object. http://www.w3schools.com/js/js_obj_date.asp I would probably start with the getTime() method. document.myForm.myField.value =

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
Here's a page that will tell you everything you need on how to format a date/time. http://www.webdevelopersnotes.com/tips/html/10_ways_to_format_time_and_date_using_javascript.php3 On Tue, Jan 4, 2011 at 10:44 AM, Orlini, Robert rorl...@hwwilson.com wrote: Russ/Mike, Is there a way just to

Re: SOT: Show time in field on click

2011-01-04 Thread Ian Skinner
On 1/4/2011 7:44 AM, Orlini, Robert wrote: Russ/Mike, Is there a way just to show the time and not the date? Ok, looking closer at the full date object reference. http://www.w3schools.com/jsref/jsref_obj_date.asp toTimeString() OR toLocalTimeString() are probably what you are looking for.

RE: SOT: Show time in field on click

2011-01-04 Thread Larry Juncker
The code below will display the date as MonthFull day, Yearfull i.e.: January 4, 2011 <script type="text/javascript"> function show_now() { var months = new Array(12); months[0] = "January"; months[1] = "February"; months[2] = "March"; months[3] = "April";

(ot) jQuery Facebook Wall Display

2011-01-04 Thread Justin Scott
Is anyone aware of a jQuery plugin (or script which uses jQuery) to pull a Facebook feed from their graph API and display it on the page in a manner similar to how the Facebook wall is displayed? We have a client who would like to display a Facebook stream on their home page similar to how many

RE: SOT: Show time in field on click

2011-01-04 Thread Larry Juncker
This edited script will show date or time, whichever you choose to display <script type="text/javascript"> function show_now() { var months = new Array(12); months[0] = "January"; months[1] = "February"; months[2] = "March"; months[3] = "April"; months[4] =

RE: SOT: Show time in field on click

2011-01-04 Thread Orlini, Robert
Thank you Larry, Russ, and Mike. The toTimeString(); function works now. One further tweak though. It displays as: 11:10:45 GMT-0500 (Eastern Standard Time) How can I make it just show the time. ie: 11:10:45. My code so far: <script type="text/javascript"> function show_now() { var my_time =

RE: SOT: Show time in field on click

2011-01-04 Thread Larry Juncker
Look at the code I just sent you and add seconds with var curr_sec = currentTime.getSeconds(); curr_sec = curr_sec + ""; if (curr_sec.length == 1) { curr_sec = "0" + curr_sec; } var my_time = curr_hour + ":" + curr_min + ":" + curr_sec + " " + a_p; document.myForm.myTime.value = my_time; This display

Re: iCalendar (.ics) file creation?

2011-01-04 Thread Matthew Lowrey
Hello HofFer's I have an update on my issue. We were able to find out what version of iCal was having this problem with. Version 4.0.3 (1388) copyright 2002 - 2009 is the version that hasn't been auto accepting our imported events. I hope someone who knows the MAC and iCal can help me out.

Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Hello fellow CFers, I just released a beta of a new ColdFusion framework called Neptune and I would love to get some beta testers to help me find bugs or make suggestions on how it could be improved. We have been using it internally for a few years on several projects, so I am curious to see

Issues with CF Document

2011-01-04 Thread Terry Troxel
I pasted in the example from the CF Documentation and added in my own jpg image. When I run the cfm file it shows ONLY the text bird with a red background and no image. When I comment out the cfdocument start and end tag the image appears. I know it is something I have done wrong, but I do not

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Mark A. Kruger
Steve, Nice job on the documentation. -mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 Skype: markakruger www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: Steve Bryant [mailto:st...@bryantwebconsulting.com] Sent: Tuesday, January 04, 2011

Re: SOT: Show time in field on click

2011-01-04 Thread Russ Michaels
Michael, you do indeed need an ID to be defined to use getElementById(), the clue is in the function itself, it gets the DOM reference for an object by its ID, if you do not have such an ID then it will not find the object. Feel free to look it up on the w3c site or similar. Russ On Tue, Jan

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
Of course you do. We weren't talking about that though, we were talking about using dot notation which targets the name field. You don't need to have an ID to do what the OP was looking for. Telling them they need it is just confusing. On Tue, Jan 4, 2011 at 1:05 PM, Russ Michaels

Re: SOT: Show time in field on click

2011-01-04 Thread Ian Skinner
On 1/4/2011 10:05 AM, Russ Michaels wrote: Michael, you do indeed need an ID to be defined to use getElementById(), True, if you use the getElementByID() function. But Russ was showing the document.formName.inputName syntax which is based on names and thus you do not need to use IDs

Re: SOT: Show time in field on click

2011-01-04 Thread Russ Michaels
Michael, if you refer back to the example code I provided which he says solved his problem, I used getElementById. In which case removing the ID will break this code. Russ On Tue, Jan 4, 2011 at 6:08 PM, Michael Grant mgr...@modus.bz wrote: Of course you do. We weren't talking about that

Re: SOT: Show time in field on click

2011-01-04 Thread Orlini, Robert
Michael, I have to agree despite my limited experience. My code below with the ID and the getElementById() works fine. Nonetheless, I appreciated your assistance. All suggestions worked to the final solution. I included the toLocaleTimeString(); code just to get the time and no date. Thanks

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
Right. But it's not the use of getElementById that fixed your code. It's the fact you actually spelled the item correctly. Had you simply changed mydate to myDate with your original code it would have worked fine. On Tue, Jan 4, 2011 at 1:14 PM, Orlini, Robert rorl...@hwwilson.com wrote:

Re: Issues with CF Document

2011-01-04 Thread Raymond Camden
Isn't the tag img and not image ? On Tue, Jan 4, 2011 at 11:36 AM, Terry Troxel terry.tro...@gmail.com wrote: I pasted in the example from the CF Documentation and added in my own jpg image. When I run the cfm file it shows ONLY the text bird with a red background and no image. When I

Re: SOT: Show time in field on click

2011-01-04 Thread Orlini, Robert
OK I see. Why does Javascript have to be so sensitive with cases. Thanks. RO -Original Message- From: Michael Grant mgr...@modus.bz Sent: Tuesday, January 4, 2011 1:21pm To: cf-talk cf-talk@houseoffusion.com Subject: Re: SOT: Show time in field on click Right. But it's not the use of

Re: SOT: Show time in field on click

2011-01-04 Thread Michael Grant
Actually, almost all languages are case-sensitive. I actually wish CF was case-sensitive. I think it's one of the (few) areas where cf dropped the ball. On Tue, Jan 4, 2011 at 1:30 PM, Orlini, Robert rorl...@hwwilson.com wrote: OK I see. Why does Javascript have to be so sensitive with cases.

Template Page Not Found Errors

2011-01-04 Thread Richard Steele
Our error handler captures information about a page not found. For example, it logs the following: Referrer: Query String: id=3273MoreImages=1 Browser/version: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) How can I tell the actual page that was requested? Thanks in

Re: Template Page Not Found Errors

2011-01-04 Thread David McGraw
You can log more information. My framework I use emails me the entire cfcatch structure when an error occurs. Regards, David McGraw Oyova Software - http://www.oyova.com On Tue, Jan 4, 2011 at 1:35 PM, Richard Steele r...@photoeye.com wrote: Our error handler captures information about a

Re: Template Page Not Found Errors

2011-01-04 Thread Raymond Camden
cgi.script-name On Tue, Jan 4, 2011 at 12:35 PM, Richard Steele r...@photoeye.com wrote: Our error handler captures information about a page not found. For example, it logs the following: Referrer: Query String: id=3273MoreImages=1 Browser/version: Mozilla/5.0 (compatible;

Re: Template Page Not Found Errors

2011-01-04 Thread Raymond Camden
Sorry - cgi.script_name. I meant _ not -. On Tue, Jan 4, 2011 at 12:45 PM, Raymond Camden rcam...@gmail.com wrote: cgi.script-name On Tue, Jan 4, 2011 at 12:35 PM, Richard  Steele r...@photoeye.com wrote: Our error handler captures information about a page not found. For example, it logs

Amazon EC2 Windows 2008 Coldfusion Server

2011-01-04 Thread Richard Steele
Hi, Does anyone have experience (good or bad) with setting up an Amazon EC2 Windows 2008 Server? We had a Gogrid Server that just disappeared one day. Gogrid had no clue as to why it happened, nor were they willing to troubleshoot. Thanks in advance.

Purging the JRun service

2011-01-04 Thread Chad Baloga
When we run CFCONTENT with big file downloads the JRun service keeps growing in size and stays at that size. Does anyone know how to run a garbage collection or anything else to purge all of that temp data that seems to be hogging up memory. I am trying to find a way to do it without

RE: Issues with CF Document

2011-01-04 Thread Terry Troxel
I should learn to not trust all the code in the help examples. Good call Raymond and Thank You! Terry -Original Message- From: Raymond Camden [mailto:rcam...@gmail.com] Sent: Tuesday, January 04, 2011 10:24 AM To: cf-talk Subject: Re: Issues with CF Document Isn't the tag img and not

RE: Amazon EC2 Windows 2008 Coldfusion Server

2011-01-04 Thread Brook Davies
Hi Richard, I am interested in this topic too. Setting it up, no problem. It's not too difficult to get it up and running. I made it that far without any issue. Reliability? Not sure. But from my research it looks like you need to ensure you have some failover, like in a regular setup and it

Re: Issues with CF Document

2011-01-04 Thread Raymond Camden
In case you are wondering why it may have worked when not in cfdocument - you have to think of cfdocument as a browser too, but an old browser. So what it supports versus what your modern day Chrome or Firefox supports is going to be pretty different. On Tue, Jan 4, 2011 at 1:12 PM, Terry Troxel

cf form security

2011-01-04 Thread Rob Voyle
Hi Folks As I create a database linked form I am wondering about form security and especially malicious script injection. I use cfqueryparam. I also check each entry to ensure that it conforms to my needs, non blank entries etc. It wouldn't be too hard to include in these checks a simple test

cf classroom/webinar ap

2011-01-04 Thread Rob Voyle
Hi folks does anyone know of a simple cf webinar ap. I am creating a webinar where I want people to login with a password. input several fields of personal introduction and upload a photograph. and be able to edit the material as they choose. Rob

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
You are promoting a security risk with the uploaded files folder as being under the webroot, I hope this is configurable. Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Steve Bryant [mailto:st...@bryantwebconsulting.com] Sent: Wednesday, 5 January 2011

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Eric Cobb
Open Source Code = 100% Configurable. :) Thanks, Eric Cobb ECAR Technologies, LLC http://www.ecartech.com http://www.cfgears.com On 1/4/2011 1:44 PM, Andrew Scott wrote: You are promoting a security risk with the uploaded files folder as being under the webroot, I hope this is

Re: Amazon EC2 Windows 2008 Coldfusion Server

2011-01-04 Thread Richard Steele
Did you find a tutorial on how to set up a Windows 2008 server? There's one online for a non-windows server, but I haven't found one for a Windows 2008 server. Also, I know that Amazon has different levels of guarantee for their s3 storage, but it seems like having it backed up to a

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Andrew, The default folder for uploading files has an Application.cfm that just contains <cfabort> to help mitigate that risk. Assuming the uploads themselves limit file types allowed, how serious a risk do you think that is? Also, yes, easy to configure. Just change the UploadPath setting in

Re: cf form security

2011-01-04 Thread Steve Bryant
Rob, cfqueryparam will protect you from SQL injection hacks but for other sorts of security, you might want to look into John Mason's (free / open source) Portcullis project which is probably just what you are looking for. http://portcullis.riaforge.org/ You might also look at Pete Frietag's

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
You can never assume limiting by file types when it comes to adding files to your webroot, through a web uploader. You might want to list in the docs the risk of leaving it in the webroot, and that it is extremely advisable to move the folder outside of the webroot. Regards, Andrew Scott

Re: Amazon EC2 Windows 2008 Coldfusion Server

2011-01-04 Thread Stefan Richter
Amazon provides Windows AMIs so it's very easy to set up a Windows Server, it's a matter of minutes. If you run your server using an EBS backed (which I think is now the default standard for Windows) then you can easily take snapshots in order to backup the entire server in one go. Those

Re: Purging the JRun service

2011-01-04 Thread Dave Watts
When we run CFCONTENT with big file downloads the JRun service keeps growing in size and stays at that size.  Does anyone know how to run a garbage collection or anything else to purge all of that temp data that seems to be hogging up memory.  I am trying to find a way to do it without

Re: Amazon EC2 Windows 2008 Coldfusion Server

2011-01-04 Thread Gerald Guido
Also, I know that Amazon has different levels of guarantee for their s3 storage, but it seems like having it backed up to a different location would be wise. Is that easy to accomplish? Elastic Block Storage - EBS. http://aws.amazon.com/ebs/ You can take snap shots of your server. Essentially

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Andrew, I'll have to ponder that. Right now the following XML would create a table with two file fields, one of which would accept only images and the other would accept only vcard files. <table entity="Contact"> <field name="ContactImage" Label="Image" type="image" folder="images" /> <field

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Duane Boudreau
Wouldn't it be sufficient to make the folder write and read only leaving off the public execute privilege? -Original Message- From: Steve Bryant [mailto:st...@bryantwebconsulting.com] Sent: Tuesday, January 04, 2011 4:38 PM To: cf-talk Subject: Re: Beta Tester Wanted for new CF (MVC)

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Duane, Good question. I would think so, but I am not expert enough on the topic to be confident of that. I believe I have that set already in the folder in the zip as well as in the download created from the generator. If not, I will correct. Anyone know a reason why that would not be

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
Yes but if you understand the problems with that then you would know that a file can be uploaded that is pretending to be a png or whatever it wants to be, and actually be a cfml or any other executable file. There has been enough discussion on this matter to adhere to the fact that the uploads

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread David McGraw
To further Andrew's point, we typically create a script to deliver the requested file so we can run a bit of CF to properly name the file and ensure the user has a valid permission to even request it. So with our basic framework we usually have a download.cfm script which will serve it up if all

Best Practice for Updating using cfqueryparam

2011-01-04 Thread David Moore
What is the best way to write the following update loop using cfqueryparam? <cfset loopcount=0> <cfloop index="UpdateRecord" list="#FORM.RecordsToUpdate#"> <cfset loopcount = loopcount+1> <cfset NewOrder=#ListGetAt(FORM.DisplayOrder, loopcount)#> <cfquery name="updDisplayOrder" datasource="#DSN#">

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Andrew, Correct me if I am mistaken, but I thought that was if the system was checking *only* mime-type. The framework checks both mime-type AND file extension. I did check on that at the time of that exploit and ensured that our framework was protected from that exploit. If I have missed

RE: Best Practice for Updating using cfqueryparam

2011-01-04 Thread Andrew Scott
Just add the queryparam where it is supposed to go on the set. Also where are people learning to write code like this? <cfset NewOrder=#ListGetAt(FORM.DisplayOrder, loopcount)#> The correct way is <cfset NewOrder = ListGetAt(FORM.DisplayOrder, loopcount) /> Notice that the hashes have been

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
David, That is certainly another point altogether. As I said, the framework does allow you to configure location and URL path for uploaded files which *should* allow a URL path like /file.cfm?file=. I have added testing that as a relatively high-priority task for my next round of work on the

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread David McGraw
Yeah, I wasn't knocking it... On Tue, Jan 4, 2011 at 5:15 PM, Steve Bryant st...@bryantwebconsulting.com wrote: David, That is certainly another point altogether. As I said, the framework does allow you to configure location and URL path for uploaded files which *should* allow a URL path

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
Checking the mime-type and the extension is not secure. I can write a CFML name it as a PNG and try to display the image, but instead the code will be executed. You should know that. Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Steve Bryant

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread David McGraw
How would CF server know to process a .cfm file unless you pre-configured your IIS or Apache to tell CF to process and execute PNGs? I'm honestly asking. I agree that your files should not be in the webroot, but it sounds like you can easily use a dynamic loader script, and configure the

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
Yeah I think I got myself confused there, have a blinding headache and wasn't thinking on that one. The point Steve needs to understand is that this is changeable, and that means that someone can easily come along and change the framework. That means there should be a warning of some degree that

Re: Template Page Not Found Errors

2011-01-04 Thread Richard Steele
Thanks, that's it!

Re: Best Practice for Updating using cfqueryparam

2011-01-04 Thread Steve Bryant
<cfset loopcount=0> <cfloop index="UpdateRecord" list="#FORM.RecordsToUpdate#"> <cfset loopcount = loopcount+1> <cfquery name="updDisplayOrder" datasource="#DSN#"> UPDATE Pages SET Pages.DisplayOrder = <cfqueryparam cfsqltype="cf_sql_integer" value="#ListGetAt(FORM.DisplayOrder, loopcount)#"> WHERE Pages.PageID =

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Ian Skinner
Both mime types and file extensions can be spoofed by a hacker as both are just data that hackers can manipulate on their end of the client-server relationship. Unless you are running code that actually inspects the content of the file to confirm that it matches the file type and the mime

Re: Amazon EC2 Windows 2008 Coldfusion Server

2011-01-04 Thread Richard Steele
Ok, great. I've got my Windows Server Instance up and running! Now I'm downloading the CF8 Developer's Edition. Can I install both CF8 and CF9 Developer's Edition? Our current production server is CF8, but would like to test our code in CF9 before upgrading.

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Andrew, You just hit me with a "You should know that" and a "Steve needs to understand". I get that you have a headache, but I am not trying to fight you on this. I am really just trying to get a feel for the threat-level so I can decide on the appropriate action(s) to take. It sounds like

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Ian, I'm not sure that is exactly accurate. A mime-type can certainly be spoofed, no debate there. A file extension can be *changed*, but (unless I understand incorrectly), the server is going to decide how to handle a file based on the extension. So, for example, you may save a ColdFusion

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
http://www.petefreitag.com/item/701.cfm And take special note of "Always upload to a temp directory outside of the Web Root" Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Steve Bryant [mailto:st...@bryantwebconsulting.com] Sent: Wednesday, 5 January 2011

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread David McGraw
I think the fear would be if an EXE was uploaded as a CFM file... Regards, David @ Oyova - http://www.oyova.com On Tue, Jan 4, 2011 at 5:52 PM, Steve Bryant st...@bryantwebconsulting.com wrote: Ian, I'm not sure that is exactly accurate. A mime-type can certainly be spoofed, no debate

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
What about *.jsp files, or even aspx or asp files? Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Steve Bryant [mailto:st...@bryantwebconsulting.com] Sent: Wednesday, 5 January 2011 9:53 AM To: cf-talk Subject: Re: Beta Tester Wanted for new CF (MVC)

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread David McGraw
Right, Andrew is spot on, you don't want someone writing a CFM script, or any script which can do a cffile action on your website... By ensuring the files which are uploaded from users residing outside the webroot, IIS won't even prompt CF to execute the script, therefore it's just a text file

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Andrew, Definitely a good point which is why I mentioned modifying the framework to have black-listed file extensions that would have to be explicitly allowed for a field. I do think, however, that I should have a note on the section about uploading files that a list of allowed extensions

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
As long as you are aware that while your code is doing the validation a hacker can still run the uploaded file. Regards, Andrew Scott http://www.andyscott.id.au/ -Original Message- From: Steve Bryant [mailto:st...@bryantwebconsulting.com] Sent: Wednesday, 5 January 2011 10:06 AM

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Mark A. Kruger
Steve, This is one off, but this post explains how you can exploit the latency between storing the file and handling or deleting it IF you store your temp file in a web root accessible folder: http://www.coldfusionmuse.com/index.cfm/2009/9/18/script.insertion.attack.vector -Mark Mark A.

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Mark A. Kruger
Steve, In spite of the small hornet's nest you stepped in let me congratulate you on your framework and thank you for putting yourself out there. As a blogger who has to accept every criticism with a smile (or perhaps I should say chooses to accept)... and a sense of humor, I appreciate what it

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread David McGraw
Yeah... I second this... Anyone who sets up to create something more than a random assortment of code, deserves a nod. -Dave Oyova Software, LLC www.oyova.com On Tue, Jan 4, 2011 at 6:23 PM, Mark A. Kruger mkru...@cfwebtools.com wrote: Steve, In spite of the small hornet's nest you stepped

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Sean Corfield
On Tue, Jan 4, 2011 at 8:27 AM, Steve Bryant st...@bryantwebconsulting.com wrote: I think it is quite a bit unlike any other ColdFusion framework out there. It isn't hub-and-spoke (where all requests are routed through index.cfm, for example). It doesn't require OO. It does, however, provide

RE: SOT: Show time in field on click

2011-01-04 Thread Russ Michaels
Still missing the point, but nevermind. -Original Message- From: Michael Grant [mailto:mgr...@modus.bz] Sent: 04 January 2011 18:21 To: cf-talk Subject: Re: SOT: Show time in field on click Right. But it's not the use of getElementById that fixed your code. It's the fact you actually

Re: Amazon EC2 Windows 2008 Coldfusion Server

2011-01-04 Thread Dave Watts
Can I install both CF8 and CF9 Developer's Edition? Yes, you can. But they're not really designed to be installed concurrently, unless you install CF 9 multiserver, then use the CF 8 installer to create an EAR, then deploy that EAR to a new CF instance. Dave Watts, CTO, Fig Leaf Software

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Mark, I actually remember reading that blog post when it came out (I always love your blog, by the way). To be honest, I don't remember if I am doing that validation in place or not. Certainly this does demonstrate that it shouldn't be done in place - and I will address that if it is. I am

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
Hmmm I think you are contradicting the scenario here. - The files are temporarily uploaded to another location and then validated With all of that, how serious is the threat of having the default upload location be inside the web root? If the temp file is accessible before validation, a

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Mark A. Kruger
Steve, I'd say you've protected against conceivable threats with that approach - but I still always store files outside the web root. My problem is that my conceiver isn't always that great and ornery hackers have better conceivers than I do. Can I ask what you are trying to save with this

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Mark, Good to know. I certainly understand about future threats, but I think this is sufficient to keep my current approach (with the modifications outlined) with only a relatively mild warning about putting files outside the web root (but a major one about white listing extensions). Maybe I

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Mark A. Kruger
Steve, Ok... given your arguments I buy it. As long as you fully document the nuances involved. I would point out however that folks who are using a shared host with limited access to folders may also not be able to tighten down the folder's execute permissions... but you can't think of

RE: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Andrew Scott
Not to mention that if there is any hosting provider that doesn't allow for this, then they should be avoided at all costs. It would be within their best interests to stop all exploits, so if they have a customer that does file uploads and that customer can't have a folder not accessible from

Re: Layout Components (was Neptune Beta Testers)

2011-01-04 Thread Steve Bryant
Sean, Thanks for pointing that out. It certainly is a problem in the documentation. Those convolutions actually have nothing to do with white-space at all (nor do they impact it). It is just a syntax that I personally preferred as it makes it easy to ignore the CFML and look only at the HTML

Re: Beta Tester Wanted for new CF (MVC) Framework

2011-01-04 Thread Steve Bryant
Yeah, not being able to disable execute permissions would be annoying, but I think the other protections should still cover the possibilities pretty well. Nonetheless, that probably does deserve a note in the docs (including we would recommend finding another host). Just to clarify, I do

Re: Layout Components (was Neptune Beta Testers)

2011-01-04 Thread Sean Corfield
On Tue, Jan 4, 2011 at 8:09 PM, Steve Bryant st...@bryantwebconsulting.com wrote: Just to illustrate one of the advantages of this approach, here is a code example of a very simple page: <cf_layout title="Congratulations!"> <script src="/my.js" type="text/javascript"></script> <cf_layout