You can right your own custom form validation with javascript. Nothing good
comes easy!
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
You can do a search on Subject: Re: CFML be gone!
05/09/00
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 09, 2000 12:02 PM
Subject: Re: CFML be gone!
|
| You can do a search on Subject: Re: CFML be gone!
|
| 05/09/00
| 07:45 AM
| Please
| respond to
|
Todd,
Nice question - I'm interested in a tag / functions / pain-in-the-but-
work-around that would remove just the CFML tags. Previous to your post, I
failed to realize that if I allow people to submit HTML tags along with
their text, they could also submit CFML tags, creating a major security
sage -
From: "David Berger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 09, 2000 10:45 AM
Subject: Re: CFML be gone!
| You can right your own custom form validation with javascript. Nothing
good
| comes easy!
-
your dog back"
-Anonymous
___
-Original Message-
From: Todd Ashworth [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 09, 2000 2:03 PM
To: [EMAIL PROTECTED]
Subject: Re: CFML be gone!
Wouldn't that show up in the text though? Also,
I haven't tried this, but I'm betting this RegEx would do the trick:
REReplaceNoCase(#form.input#, "]*>", "", "ALL")
If I understand my RegEx correctly, this will find any tag beginning mailto:[EMAIL PROTECTED]
=
--
tworks LLC [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 09, 2000 1:54 PM
To: [EMAIL PROTECTED]
Subject: Re: CFML be gone!
Todd,
Nice question - I'm interested in a tag / functions / pain-in-the-but-
work-around that would remove just the CFML tags. Previous to your post, I
failed to realize th
There was also a good discussion some time back about dis-allowing SQL
syntax as well. Someone on the list did quite a bit of research on some
vulnerabilities, and made some tags that helped deal with that.
I wish I had kept that thread.. kind sir ... are you still out there???
Thx,
Steve
9 matches
Mail list logo