On Tue, Jan 19, 2010 at 5:41 PM, Clarke Bishop wrote:
> I know it’s a good practice to use CF’s ScriptProtect feature.
I'm not sure I agree with that. There are many other better solutions
that cover you alot more completely.
-Cameron
--
Cameron Childress
Sumo Consulting Inc
http://www.sumoc.
Clark, IMO scriptprotect is a total and utter waste of time. Abandon it.
If you're interested in something better, and more comprehensive, take a look
at John's Portcullis component, or my cf_xssblock tag. Typically I use my tag
in application (cfm or cfc), rather than on a per-page basis, but
...@acfug.org [mailto:ad...@acfug.org] On Behalf Of shawn gorrell
Sent: Tuesday, January 19, 2010 6:26 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] ScriptProtect="none"
Clark, IMO scriptprotect is a total and utter waste of time. Abandon it.
If you're interested in something b
equest, which was my intent of the tag. You
could always have conditionally based tag invocations using the path.
S
From: Clarke Bishop
To: discussion@acfug.org
Sent: Wed, January 20, 2010 9:39:06 AM
Subject: RE: [ACFUG Discuss] ScriptProtect="none"
T
On Wed, Jan 20, 2010 at 9:39 AM, Clarke Bishop wrote:
> But, then, for my admin pages, where I want to allow logged in users to
> submit forms with tags and javascript, how do I disable the XSS
> check. If the XSS check is in OnRequest, it already happened before I got to
> the admin cfm page.
Y
