1 Reply Latest reply on Jan 13, 2013 11:03 AM by skyflare21


    community help Level 1
        • 1. Re:  cfapplication

          The scriptProtect feature in CFML engines doesn't protect against using code like that shown below to insert malicious code. You must still validate data submitted by users you don't trust.

          onclick="javascript:doEvil();"  or href="javascript:doEvil();"
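The point made in the reply above, as an added example that is not part of the original post and is not the CFML engine's own code: a simplified JavaScript model of a tag-blacklist filter (assumed here to behave like scriptProtect) leaves both strings from the reply untouched, while scheme allowlisting plus attribute encoding handles them. All function names are hypothetical.

```javascript
// Simplified model of a tag-blacklist filter. Assumption: it only rewrites a
// fixed set of opening tags, so attribute values are never inspected.
const BLOCKED_TAGS = /<\s*(object|embed|script|applet|meta)/gi;

function tagBlacklistFilter(input) {
  return input.replace(BLOCKED_TAGS, "<InvalidTag");
}

// Validation: parse the user-supplied link and allowlist the scheme.
// The WHATWG URL parser normalizes case and strips leading whitespace and
// embedded tabs/newlines the way a browser does, so obfuscated schemes are
// compared in their canonical form.
function isSafeHref(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return false; // relative or malformed input is rejected in this sketch
  }
  return url.protocol === "http:" || url.protocol === "https:";
}

// Output encoding: every non-alphanumeric character becomes a numeric entity,
// so a value cannot close its attribute and start a new one such as onclick.
function encodeForHtmlAttribute(value) {
  return value.replace(/[^A-Za-z0-9]/gu,
    (ch) => `&#x${ch.codePointAt(0).toString(16)};`);
}

// Validate first, then encode at the point of output.
function renderLink(userHref, userLabel) {
  if (!isSafeHref(userHref)) return null;
  return `<a href="${encodeForHtmlAttribute(userHref)}">` +
         `${encodeForHtmlAttribute(userLabel)}</a>`;
}

// The two strings from the reply, run through the blacklist model.
const samples = ['onclick="javascript:doEvil();"', 'href="javascript:doEvil();"'];
for (const s of samples) {
  console.log(tagBlacklistFilter(s) === s ? "unchanged by blacklist:" : "rewritten:", s);
}
console.log(renderLink("javascript:doEvil();", "click"));     // null
console.log(renderLink("https://example.com/?a=1", "click")); // encoded link
```

In CFML itself the same two steps would be done with the engine's own validation and encoding functions at the point where the value is written into the page.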