3 Replies Latest reply on Nov 13, 2010 7:40 AM by Dave Watts

    Any need to use xmlFormat() if I enable Global Script Protection?

    pbk-nFjYI4 Level 1

      My site displays a lot of user-supplied data, so I am concerned about XSS attacks.  I have been using xmlFormat() when displaying user input.  What I am wondering is whether enabling Global Script Protection in the CF Admin gives me all the protection that xmlFormat or htmlEditFormat does.  If so, I'd rather check that one box than have to remember to use xmlFormat all the time.  So is Global Script Protection all I really need?