• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Canonicalize(str,bool,bool) not working as expected

LEGEND ,
Nov 15, 2016 Nov 15, 2016

Copy link to clipboard

Copied

Hello, all,

I'm using canonicalize() as part of a URL and FORM scope sanitizing process, and it's not doing what the specs say it should do.

For example, in scrubbing a URL parameter, the following _should_ throw an error:

www.domain.com/page.cfm?var=home%27alert(%22abc%22)%27

This should trigger an error, and cause my onError() handler in application.cfc to run.  But it isn't working.

url.var = canonicalize(url.var,true,true);

What is going on???  Why isn't this throwing an error?

V/r,

^_^

Views

196

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 16, 2016 Nov 16, 2016

Copy link to clipboard

Copied

LATEST

Is there a setting in CFAdmin that has to be set to a particular value in order for canonicalize() to work??  What could cause canonicalize() to _not_ work?


V/r,

^_^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation