• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 21. Securing Your Applications > Defending against Cross-Site Scripting

Defending against Cross-Site Scripting

One way your web application be harmed is by cross-site scripting. This is simply the use of HTML and other codes within web based form. As a simple example, imagine a forums application that lets people write their own entries. Someone could write an entry that contained JavaScript code. When someone else views that page, the JavaScript code is executed just as if you had written it yourself. This could be very dangerous. Luckily, ColdFusion provides a simple solution. In chapter 19, you learned about the Application.cfc file and how you can configure ColdFusion applications via the THIS scope. You can simply add one more attribute to the THIS scope:

<cfset THIS.scriptProtect="all">


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint