Adobe ColdFusion 8 Web Application Construction Kit, Volume 1: Getting Started by Charlie Arehart, Raymond Camden, Ben Forta

Defending Against Cross-Site Scripting

One way your web application can be harmed is by cross-site scripting. This is simply the use of HTML and other code within a web-based form. As a simple example, imagine a forums application that lets people write their own entries. Someone could write an entry that contains JavaScript code. When someone else views that page, the JavaScript code is executed in that visitor's browser just as if you had written it yourself. This could be very dangerous. Luckily, ColdFusion provides a simple solution. In Chapter 19, you learned about the Application.cfc file and how you can configure ColdFusion applications via the THIS scope. You can simply add one more attribute to the THIS scope:

<cfset THIS.scriptProtect="all">

This one line will ...
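The setting in the context of the forums scenario, as an added example that is not code from the book: an Application.cfc that turns on script protection, plus a page that also encodes the entry when it is displayed. The application name ForumsDemo, the file entry.cfm and the form field names are hypothetical; HTMLEditFormat() is a built-in ColdFusion function that this excerpt does not mention.

```cfml
<!--- File: Application.cfc (added example; "ForumsDemo" is a hypothetical name) --->
<cfcomponent output="false">
  <cfset THIS.name = "ForumsDemo">
  <!--- Filter incoming FORM, URL, CGI and cookie values.
        A comma-separated list such as "form,url" limits the filter to those scopes. --->
  <cfset THIS.scriptProtect = "all">
</cfcomponent>

<!--- File: entry.cfm (hypothetical page that previews a forum entry) --->
<cfparam name="FORM.author" default="">
<cfparam name="FORM.body" default="">

<form action="entry.cfm" method="post">
  <input type="text" name="author">
  <textarea name="body"></textarea>
  <input type="submit" value="Preview">
</form>

<cfif Len(Trim(FORM.body))>
  <cfoutput>
    <!--- Encode at output as well, so any markup in an entry is shown as text
          instead of being interpreted by the reader's browser. --->
    <h3>#HTMLEditFormat(FORM.author)# wrote:</h3>
    <p>#HTMLEditFormat(FORM.body)#</p>
  </cfoutput>
</cfif>
```

The input filter and the output encoding are independent checks: the first is set once per application, the second has to be applied wherever user-supplied text is written into a page.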