|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stop making mediocre tutorials.The best tutorials are video! Camtasia Studio makes it easy to create engaging, buzz-building screen videos at any size, in any popular format. Download the free trial!
|
|
#1
March 19th, 2005, 05:28 PM
|
|||
|
|||
|
Forms and not allowing HTML
I have a chatroom... and sometimes they type <b>Hi</b> and i don't want this. I was wondering how i could go about blocking html/javascript from being submitting.. i had originally thought about just blocking the first letter if it was '<' ... but then they could just do... "... <b>Hi</b>"
So any ideas?
|
|
#2
March 19th, 2005, 06:13 PM
|
|||
|
|||
|
You could use regular expressions to extract any tags (I'm sure a search on the net will yield many such scripts). Or you could just use the htmlCodeFormat() function on the string before you insert it into the database. This replaces the < and > symbols with their ascii codes, effectively neutralizing any tags.
CFMX 7 has a built in option in the Application.cfc file or <cfapplication> tag called "scriptProtect" that will filter out any code or script-hijacking attempts from whatever scopes you specify.
__________________
Ask if you have a question, but also help answer questions that you have knowledge of! Thanks, Brian. How to Post a Question in the Forums
|
|
#3
March 19th, 2005, 06:21 PM
|
|||
|
|||
|
Oh how I wish I could be on 7 already
 Quote:
|
|
#4
March 19th, 2005, 06:47 PM
|
|||
|
|||
|
Ooh that function did exactly what I needed to. Thanks
Quote:
|
|
| Viewing: Dev Shed Forums > Programming Languages - More > ColdFusion Development > Forms and not allowing HTML |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
