
Escape and special code, characters, anything - Coldfusion - Advanced Techniques

  1. #1

    Escape and special code, characters, anything

    Hey everyone. I have an instant messaging feature in my site. The user writes a
    message, it's held in an Access database, and delivered via a JavaScript alert
    whenever the intended recipient logs in. However, a problem has recently been
    exposed: if someone uses JavaScript in the message they send, the browser
    parses it, and causes all kinds of havoc. Is there a good way to make any
    special code, especially JavaScript, get escaped so this doesn't happen? I just
    need a way to stop the messages from being a potential security risk, and stop
    parsing code inside them. Any ideas?

    kenji776 Guest

  2. #2

    Re: Escape all code, especially JavaScript.

    Dirty rotten scoundrels.

    Try this:

    <cfset messagebody=replacelist(messagebody,"<script>,</script>"," , ")>

    Also, check out CF_SCRIPTKILL. I think it's still in the DevEx.
    philh Guest

  3. #3

    Re: Escape all code, especially JavaScript.

    Actually the first guy had good intent; he was sending me some code for
    checking to see if a user's email was valid. However, thanks to that glitch it
    made all kinds of problems. I just have a question: if I pull the script tags
    will that help, because I mean the message being delivered is already in script
    tags, because it's being delivered by a JavaScript alert. I'll have to try it
    though, thanks. And that killall function, is that in the CF server? Or do I need
    to download it? Thanks for the help. You're awesome.

    kenji776 Guest

  4. #4

    Re: Escape all code, especially JavaScript.

    You can always display the message inside of a 'textarea' tag. All html and
    client-side scripts are ignored and assumed to be in 'plain text'.

    <textarea cols="30" rows="8">#yourmessages#</textarea>

    coderWil Guest

  5. #5

    Re: Escape all code, especially JavaScript.

    How about if you put the submitted data within HTMLEditFormat or HTMLCodeFormat
    before sending it on to the browser for display? These functions display HTML
    (and JavaScript, I presume) tags as the text equivalent.

    Ajit

    Ajit Guest

  6. #6

    Re: Escape all code, especially JavaScript.

    Try:

    <xmp><cfoutput>#your_stuff_here#</cfoutput></xmp>

    Mr Guest
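The thread offers three kinds of fix: stripping the literal <script> tag (post #2), wrapping the text in a <textarea> or <xmp> element (posts #4 and #6), and encoding with HTMLEditFormat (post #5). The underlying issue in post #1 is that the message is inserted into two different contexts, an HTML page and the string literal inside alert('...'), and each context has its own set of characters that must be encoded. The example below is added here and is not code from this thread or from any of its posters; it is written in JavaScript so it runs anywhere, and the function names and the sample message are this example's own. It shows an encoder for each context and a check a reviewer can run on the encoded output.

```javascript
// Added example, not code from this thread: context-aware output encoding
// for a stored chat message.  Replacing the literal "<script>" tag only
// handles one spelling of one tag; encoding every character that has meaning
// in the output context means the browser never parses the message as
// markup or code.  All names below are this example's own.

// HTML body context (same idea as ColdFusion's HTMLEditFormat): the five
// characters that can open a tag, an entity or an attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function encodeForHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// JavaScript string-literal context: the thread delivers the message as
// alert('...') inside a <script> block.  Everything outside a small safe
// alphabet becomes a \xHH or \uHHHH escape, which neutralises quotes,
// backslashes, line terminators (including U+2028/U+2029) and the "</"
// sequence that would otherwise end the enclosing <script> element.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 ,.!?]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  });
}

// The snippet the server emits for the recipient's browser.
function buildAlertSnippet(message) {
  return "<script>alert('" + encodeForJsString(message) + "');</script>";
}

// Review check: after stripping the escape sequences, nothing that can close
// a string literal, a tag or a script block may remain in the literal.
function isSafeJsLiteral(encoded) {
  const bare = encoded.replace(/\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/g, "");
  return !/['"<>\\\/\n\r\u2028\u2029]/.test(bare);
}

// Constructed sample in the spirit of the thread: a well-meaning user pastes
// a snippet of client-side code into a chat message.
const SAMPLE_MESSAGE =
  "Here's the email check I mentioned: <script>if (!/@/.test(email)) alert(\"bad address\");</script>";

console.log("HTML context:   ", encodeForHtml(SAMPLE_MESSAGE));
console.log("alert() context:", buildAlertSnippet(SAMPLE_MESSAGE));
console.log("safe literal:   ", isSafeJsLiteral(encodeForJsString(SAMPLE_MESSAGE)));
```

The point of keeping two encoders is that the message passes through both contexts: encodeForHtml is the right tool when the text is written into the page body, and encodeForJsString is the right tool when it is written inside the alert() call. In ColdFusion terms, HTMLEditFormat covers the first context and JSStringFormat escapes the quote, backslash and line-break characters for the second; ColdFusion 10 and later add EncodeForHTML() and EncodeForJavaScript(), which cover both contexts fully. Whatever the platform, encode at output time for the context the text lands in rather than trying to strip tags at input time.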
