1 Reply Latest reply on Jan 13, 2013 11:03 AM by skyflare21

    cfapplication

    community help Level 1
        • 1. Re:  cfapplication
          skyflare21

          The scriptProtect feature in CFML engines doesn't protect against using code like that shown below to insert malicious code. You must still validate data submitted by users you don't trust.

          onclick="javascript:doEvil();"  or href="javascript:doEvil();"
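
One way to apply the validation the reply calls for, as an added example that is not part of the original post: allow-list URL schemes for user-supplied links and encode for the attribute context on output, and never write user input into event-handler attributes such as onclick. `safeHref` and the sample values are hypothetical; `encodeForHTMLAttribute` and `encodeForHTML` assume ColdFusion 10 or later, or Lucee.

```cfml
<cfscript>
// Added example, not from the original post. safeHref() and the sample
// values are constructed for illustration.

// Return a URL that is safe to place in href, or "" if it must be rejected.
function safeHref(required string rawUrl) {
    // Remove whitespace and control characters before inspecting the scheme,
    // so the check runs on the same string that is emitted.
    var candidate = reReplace(arguments.rawUrl, "[[:space:][:cntrl:]]", "", "all");

    // No scheme at all: treat as a relative link.
    if (!reFindNoCase("^[a-z][a-z0-9+.-]*:", candidate)) {
        return candidate;
    }
    // A scheme is present: allow-list it instead of trying to block "javascript:".
    if (reFindNoCase("^(https?|mailto):", candidate)) {
        return candidate;
    }
    return "";
}

// Constructed sample input: the first two are legitimate, the last is the
// href value from the post, which a tag-based filter leaves untouched.
samples = [
    "https://example.com/profile?id=7",
    "/docs/index.cfm",
    "javascript:doEvil();"
];

for (link in samples) {
    href = safeHref(link);
    if (len(href)) {
        // Encode for the attribute context so quotes cannot close href
        // and start a new attribute such as onclick.
        writeOutput('<a href="' & encodeForHTMLAttribute(href) & '">'
            & encodeForHTML(link) & '</a><br>');
    } else {
        writeOutput('Rejected link: ' & encodeForHTML(link) & '<br>');
    }
}
</cfscript>
```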