[thelist] removing line feed and carriage return characters in coldfusion

Sarah Adams mrsanders at designshift.com
Fri Jul 21 12:03:14 CDT 2006


In my reading about how to prevent email header injection attacks, I've
seen many references to removing the following new line characters:

\n and %0A - line feed
\r and %0D - carriage return

Unfortunately all the articles I found were specific to PHP, so I'm not
quite sure how to translate this into ColdFusion. Here's what I was
thinking:

<cfif REFindNoCase("[\n#Chr(10)#\r#Chr(13)#]", Form.Email)>

But I'm really not sure if Chr(10) is equivalent to %0A (or, for that
matter, why checking for \n and \r isn't enough). Suggestions?

-- 
sarah adams
web developer & programmer
portfolio: http://sarah.designshift.com
blog: http://hardedge.ca
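
An added example (not part of the original post) of the check being asked about, written as a reusable function: it rejects a value containing a raw CR or LF, which is what `%0D` and `%0A` become once the form post is URL-decoded, and also rejects the still-encoded text in case the input was encoded twice. The function name `isHeaderSafe` and the sample values are hypothetical and constructed for illustration.

```cfml
<!--- Added example; isHeaderSafe and the sample values are hypothetical. --->
<cffunction name="isHeaderSafe" returntype="boolean" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- Chr(10) is LF, the character %0A decodes to; Chr(13) is CR, the
          character %0D decodes to. Form fields are URL-decoded before they
          reach the Form scope, so these are the characters to look for. --->
    <cfif REFind("[#Chr(13)##Chr(10)#]", arguments.value)>
        <cfreturn false>
    </cfif>
    <!--- Still-encoded text (for example double-encoded input) that a later
          decode step would turn into CR or LF. --->
    <cfif REFindNoCase("%0[AD]", arguments.value)>
        <cfreturn false>
    </cfif>
    <cfreturn true>
</cffunction>

<!--- Constructed sample values: one clean address, one with a raw CRLF,
      one with a literal, still-encoded line feed. --->
<cfset samples = ArrayNew(1)>
<cfset ArrayAppend(samples, "user@example.com")>
<cfset ArrayAppend(samples, "user@example.com" & Chr(13) & Chr(10) & "Bcc: other@example.com")>
<cfset ArrayAppend(samples, "user@example.com%0ABcc: other@example.com")>

<cfoutput>
<cfloop from="1" to="#ArrayLen(samples)#" index="i">
    #i#: #isHeaderSafe(samples[i])#<br>
</cfloop>
</cfoutput>
```

Run the same check on every form value that ends up in a mail header (to, from, subject, reply-to), not only the address field.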