1 Reply Latest reply on Nov 13, 2008 12:45 PM by Newsgroup_User

    Methods to prevent XSS

    jperez8770
      Does anyone know of any methods to prevent Cross Site Scripting (XSS) in CF applications?
        • 1. Re: Methods to prevent XSS
          Level 7
          jperez8770 wrote:
          > Does anyone know of any methods to prevent Cross Site Scripting (XSS) in CF applications?

          Turn on the "Enable Global Script Protection" XSS setting in the CF
          administrator.

          Never trust unverified inputs from any client request, be it get|url,
          post|form or cookie, to be output without protection in future responses.

          Use the urlEncodedFormat(), urlDecode(), htmlCodeFormat(),
          htmlEditFormat() and xmlFormat() functions to escape any untrusted
          content, rendering scripting code as harmless text.
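
The escaping functions named in the reply above, each applied in the output context it fits, as an added example that is not part of the original thread. The template layout, the link target `search.cfm` and the input names `url.name` and `form.comment` are assumptions made for illustration.

```cfml
<!--- Added example (constructed template). url.name and form.comment
      stand in for any untrusted request value. --->
<cfparam name="url.name" default="">
<cfparam name="form.comment" default="">

<cfoutput>
  <!--- UNSAFE, shown commented out: request data written straight
        into the response, so markup in the value reaches the browser.
        <p>Hello, #url.name#</p> --->

  <!--- HTML body text: htmlEditFormat() turns < > & and the double
        quote into character entities. --->
  <p>Hello, #htmlEditFormat(url.name)#</p>

  <!--- HTML attribute value: htmlEditFormat() leaves single quotes
        alone, so the attribute must be wrapped in double quotes. --->
  <input type="text" name="name" value="#htmlEditFormat(url.name)#">

  <!--- Query-string component: urlEncodedFormat() percent-encodes the
        value so it cannot add parameters or break out of the href. --->
  <a href="search.cfm?q=#urlEncodedFormat(url.name)#">Search for this name</a>

  <!--- Multi-line text shown verbatim: htmlCodeFormat() escapes like
        htmlEditFormat() and wraps the result in <pre> tags. --->
  #htmlCodeFormat(form.comment)#
</cfoutput>

<!--- XML output: xmlFormat() escapes the XML special characters in
      both attribute values and element text. --->
<cfxml variable="commentDoc">
  <cfoutput>
    <comment author="#xmlFormat(url.name)#">#xmlFormat(form.comment)#</comment>
  </cfoutput>
</cfxml>

<!--- Showing the generated XML inside an HTML page is another HTML
      context, so it is escaped again for display. --->
<cfoutput>#htmlCodeFormat(toString(commentDoc))#</cfoutput>
```

Each function matches one output context, so a value that appears in several places on a page is escaped separately at each point of output rather than once on input.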