TrimVars - Prevent XSS Flaws
ColdFusion > Forms
Modified: 23/02/2005
Script ID: #3812
License:
Commercial license(s) available (license information)
Platforms:
Windows, Linux, Unix, Solaris, BSD, Other, Mac
cf_trimvars is a quick way to trim and HTML-escape structure variables, such as FORM and URL variables.

By using this custom tag, you not only avoid trimming each variable manually, but also protect your code from cross-site scripting (XSS) attacks, because you can set all URL and FORM variables to be escaped before they are sent to your application.

All of this can be done by simply adding one line to your Application.cfm.
Save the time you spend trimming tons of URL and FORM variables, and protect your whole application from cross-site scripting vulnerabilities.

Learn more about XSS vulnerabilities: http://www.aspectsecurity.com/topten/xss.html

*** Is this tag for you?
1. Count how many trim functions you have in your application.
2. Check your application, especially its URL and FORM variables, for exposure to XSS attacks.
3. You'll have the answer!

*** Requirements:
ColdFusion 5, MX and up

*** Usage:
exclude = "list of variables not to be trimmed"
dontescape = "list of variables not to be html escaped">

*** Examples:
1. Trim and escape all URL and FORM variables. Just put the line below in your Application.cfm


2. Trim and escape all URL and FORM variables, except form.UploadFile, as it contains an uploaded file.
Put the line below in your Application.cfm


3. Trim and escape all URL and FORM variables, except form.UploadFile, because it contains an uploaded file, and HTMLText, because it contains HTML tags.
Put the line below in your Application.cfm


4. Trim query result.


SELECT PARKNAME, REGION, STATE
FROM Parks

License Information
  • Undisclosed - USD$9.99