Canonicalize(str,bool,bool) not working as expected

Question

Hello, all,I'm using canonicalize() as part of a URL and FORM scope sanitizing process, and it's not doing what the specs say it should do.For example, in scrubbing a URL parameter, the following _should_ throw an error:www.domain.com/page.cfm?var=home%27alert(%22abc%22)%27This should trigger an error, and cause my onError() handler in application.cfc to run.  But it isn't working.url.var = canonicalize(url.var,true,true);What is going on???  Why isn't this throwing an error?V/r,^_^

WolfShade · Answer

Is there a setting in CFAdmin that has to be set to a particular value in order for canonicalize() to work?? What could cause canonicalize() to _not_ work?V/r,^_^

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded