On Wed, Jan 20, 2010 at 9:39 AM, Clarke Bishop wrote:
> But, then, for my admin pages, where I want to allow logged in users to
> submit forms with tags and javascript, how do I disable the XSS
> check. If the XSS check is in OnRequest, it already happened before I got to
> the admin cfm page.
Y
equest, which was my intent of the tag. You
could always have conditionally based tag invocations using the path.
S
From: Clarke Bishop
To: discussion@acfug.org
Sent: Wed, January 20, 2010 9:39:06 AM
Subject: RE: [ACFUG Discuss] ScriptProtect="none"
T
...@acfug.org [mailto:ad...@acfug.org] On Behalf Of shawn gorrell
Sent: Tuesday, January 19, 2010 6:26 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] ScriptProtect="none"
Clark, IMO scriptprotect is a total and utter waste of time. Abandon it.
If you're interested in something b
basis, but it will also
work easily on a per-page basis.
From: Clarke Bishop
To: discussion@acfug.org
Sent: Tue, January 19, 2010 5:41:26 PM
Subject: [ACFUG Discuss] ScriptProtect="none"
I know it’s a good practice to use CF’s
ScriptProtect featu
On Tue, Jan 19, 2010 at 5:41 PM, Clarke Bishop wrote:
> I know it’s a good practice to use CF’s ScriptProtect feature.
I'm not sure I agree with that. There are many other better solutions
that cover you alot more completely.
-Cameron
--
Cameron Childress
Sumo Consulting Inc
http://www.sumoc.
I know it's a good practice to use CF's ScriptProtect feature.
But, I have an admin page in a CMS, and I need to be able to turn off
ScriptProtect for that page. Otherwise, CF inserts messages!
Is there a way to turn off ScriptProtect for one page only?
Thanks for any ideas!
Cl
