[thelist] removing line feed and carriage return characters in coldfusion
Sarah Adams
mrsanders at designshift.com
Fri Jul 21 12:03:14 CDT 2006
In my reading about how to prevent email header injection attacks, I've
seen many references to removing the following new line characters:

  \n and %0A - line feed
  \r and %0D - carriage return

Unfortunately all the articles I found were specific to PHP, so I'm not
quite sure how to translate this into ColdFusion. Here's what I was
thinking:

  <cfif REFindNoCase("[\n#Chr(10)#\r#Chr(13)#]", Form.Email)>

But I'm really not sure if Chr(10) is equivalent to %0A (or, for that
matter, why checking for \n and \r isn't enough). Suggestions?
--
sarah adams
web developer & programmer
portfolio: http://sarah.designshift.com
blog: http://hardedge.ca
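
Added example, not part of the original post: a ColdFusion check for the characters the question lists. %0A and %0D are the URL-encoded spellings of character codes 10 and 13, and form fields normally reach Form.Email already decoded, so the check looks for Chr(10) and Chr(13) and also for a literal %0A or %0D left over from double encoding. The function name hasHeaderBreak and the sample inputs are constructed for illustration.

```cfml
<!--- Added example: hasHeaderBreak and the sample inputs are constructed. --->
<cffunction name="hasHeaderBreak" returntype="boolean" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- Match a raw LF (Chr(10)) or CR (Chr(13)), or a still-encoded
          %0A / %0D that survived because the input was encoded twice. --->
    <cfreturn REFindNoCase("[#Chr(10)##Chr(13)#]|%0[AD]", arguments.value) GT 0>
</cffunction>

<!--- Decoding the URL-encoded forms yields character codes 10 and 13. --->
<cfset lfCode = Asc(URLDecode("%0A"))>
<cfset crCode = Asc(URLDecode("%0D"))>

<!--- Constructed sample inputs: one clean address, one carrying a raw
      CR/LF pair followed by an extra header line, one carrying a literal %0A. --->
<cfset samples = ArrayNew(1)>
<cfset ArrayAppend(samples, "user@example.com")>
<cfset ArrayAppend(samples, "user@example.com" & Chr(13) & Chr(10) & "X-Added: 1")>
<cfset ArrayAppend(samples, "user@example.com%0AX-Added: 1")>

<cfoutput>
%0A decodes to character #lfCode#, %0D to character #crCode#<br>
<cfloop from="1" to="#ArrayLen(samples)#" index="i">
    #HTMLEditFormat(samples[i])#:
    <cfif hasHeaderBreak(samples[i])>rejected<cfelse>accepted</cfif><br>
</cfloop>
</cfoutput>
```

Only the first sample is accepted; any value that will end up in a mail header (To, From, Subject, Reply-To) can be passed through the same function before it is used.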