Defending Against Cross-Site Scripting
One way your web application be harmed is by cross-site scripting. This is simply the use of HTML and other codes within web based form. As a simple example, imagine a forums application that lets people write their own entries. Someone could write an entry that contained JavaScript code. When someone else views that page, the JavaScript code is executed just as if you had written it yourself. This could be very dangerous. Luckily, ColdFusion provides a simple solution. In Chapter 19, you learned about the Application.cfc file and how you can configure ColdFusion applications via the THIS scope. You can simply add one more attribute to the THIS scope:
<cfset THIS.scriptProtect="all">
This one line will ...
Get Adobe ColdFusion 8 Web Application Construction Kit, Volume 1: Getting Started now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
