This question was posted in response to the following article: http://help.adobe.com/en_US/ColdFusion/10.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7d69.html
The scriptProtect feature in CFML engines doesn't protect against using code like that shown below to insert malicious code. You must still validate data submitted by users you don't trust.
onclick="javascript:doEvil();" or href="javascript:doEvil();"
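An added example, not part of the original comment or of Adobe's documentation: one way to handle the two cases above when user-supplied values are written into HTML attributes, using a scheme allowlist for `href` and context-specific output encoding. It assumes ColdFusion 10 or later (for `encodeForHTMLAttribute`); `safeHref`, `userUrl` and `userLabel` are hypothetical names with constructed sample values.

```cfml
<cfscript>
// Constructed sample input. Neither value contains a tag such as <script>,
// <object>, <embed>, <applet> or <meta>, so scriptProtect leaves both unchanged.
userUrl   = "javascript:doEvil();";
userLabel = 'x" onclick="javascript:doEvil();';

// Hypothetical helper: accept only absolute http/https URLs,
// otherwise return a harmless fallback ("##" is a literal # in CFML).
function safeHref(required string candidate, string fallback = "##") {
    var trimmed = trim(arguments.candidate);
    // Scheme allowlist: javascript:, data:, vbscript: and anything else is rejected.
    if (reFindNoCase("^https?://\S+$", trimmed)) {
        return trimmed;
    }
    return arguments.fallback;
}
</cfscript>

<!--- Unsafe pattern: writing userUrl and userLabel into href/title verbatim
      lets the javascript: URL and the injected onclick attribute through. --->

<cfoutput>
<!--- Safer: validate the URL scheme, then encode for the attribute context. --->
<a href="#encodeForHTMLAttribute(safeHref(userUrl))#"
   title="#encodeForHTMLAttribute(userLabel)#">profile</a>
</cfoutput>
```

With the sample values, the link's `href` becomes `#` and the quote in `userLabel` is encoded, so it cannot close the `title` attribute and start a new one.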