All,
My company has developed a J2EE servlet filter that inspects
http requests to filter for non-safe text to prevent cross-site
scripting, sql injection, and other web attacks. We are trying to
leverage this within our CF 6.1 environment.
We have configured the web.xml to invoke the filter (which
should process BEFORE anything else in the CF war executes. The
filter is firing as expected, is changing the request parameters,
and releasing control back to JRUN (FilterChain) and the CfmServlet
to process the CFM template.
When the CFM template processes, the Request scope has been
modified but the URL and FORM scopes have NOT been modified.
Does anyone know how to access the URL and FORM scopes within
a J2EE Filter? Any other ideas?