jperez8770 wrote:
> Does anyone know of any methods to prevent Cross Site Scripting (XSS) in CF applications?

Turn on the "Enable Global Script Protection" XSS setting in the CF administrator.

Never trust unverified inputs from any client request, be it get|url, post|form or cookie, to be output without protection in future responses.

Use the urlEncodedFormat(), urlDecode(), htmlCodeFormat(), htmlEditFormat() and xmlFormat() functions to escape any untrusted content, rendering scripting code as harmless text.
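
The escaping functions named in the reply above, matched to the output context each one fits. This is an added example, not part of the original post; `url.q`, `search.cfm` and the `feedXml` variable are hypothetical names chosen for illustration.

```cfml
<!--- Added example. url.q is a hypothetical search parameter. --->
<cfparam name="url.q" default="">

<cfoutput>
<!--- Unsafe "before" form, kept as a comment: the value is reflected raw.
      <p>You searched for: #url.q#</p> --->

<!--- HTML body text: htmlEditFormat() turns < > & " into entities,
      so submitted markup is displayed as text instead of being parsed. --->
<p>You searched for: #htmlEditFormat(url.q)#</p>

<!--- HTML attribute value: keep the attribute double-quoted, because
      htmlEditFormat() does not encode single quotes. --->
<input type="text" name="q" value="#htmlEditFormat(url.q)#">

<!--- URL query-string value: urlEncodedFormat() percent-encodes the
      value so it cannot break out of the parameter or the attribute. --->
<a href="search.cfm?q=#urlEncodedFormat(url.q)#">Link to this search</a>

<!--- Showing submitted text literally: htmlCodeFormat() escapes it
      and wraps the result in <pre> tags. --->
#htmlCodeFormat(url.q)#
</cfoutput>

<!--- XML output: xmlFormat() escapes the characters that are special
      in XML before the value is placed inside an element. --->
<cfsavecontent variable="feedXml"><cfoutput><?xml version="1.0" encoding="UTF-8"?>
<search><term>#xmlFormat(url.q)#</term></search></cfoutput></cfsavecontent>
```

Each function is only safe in the context shown; for example, urlEncodedFormat() output belongs in a query-string value, not in HTML body text.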