Hi
Is there any way to prevent XSS attacks in ColdFusion in an already established project?
I used encodeForHTML(url.NewValue) for an input, but applying this to every input of every form on all the pages in the project won't be possible.
Is there a way to do this from a single location without affecting the rest of the code in the project?
Nope. Not that I am aware of.
V/r,
^_^
Which version of CF?
There are a number of settings in the CF Administrator that prevent XSS out of the box. Enable Global Script Protection under Server Settings > Settings is a good starting point.
Using version 11.
Used it, but it doesn't work for user input in a form.
Thought of replacing CFSET with a custom tag to provide some degree of protection. But a variable name in a custom tag does not support a complex name using the (.) operator, e.g. <cf_myset url.value="123">
You mention forms but are using the url scope. Is this as an example? Why are you using url scope with form posts?