[thelist] Removing tags in an input field: What else to remove?
Ben Dyer
ben_dyer at imaginuity.com
Mon May 14 11:01:26 CDT 2001
Hey guys,
I've written a script in ColdFusion to strip out tags that we don't want
people to use for input boxes for an administration section. I've got all
of the HTML tags (except ones that are kosher like <strong> and <em>),
including the potentially nasty ones like <script>, <object> and
<applet>. It removes ColdFusion tags, everything from <! to > and
everything from <% to %>. I've even gotten the Microsoft Word "Save as
Crappy HTML" tags like <o: > and <w: >.
Basically, is there anything that I'm missing? I've been running the
gauntlet of things I can think of: FrontPage webbots (falls under <!
... >), comments, ColdFusion variables, etc. Is there anything else that
could be misused that I haven't thought of?
Thanks!
--Ben
<!-----------------------
Ben Dyer
Senior Internet Developer
Imaginuity Interactive
http://www.imaginuity.com
//---------------------->
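
An added example, not part of the original post and not the ColdFusion script it describes: the same filtering goal written in Python as an allowlist, so anything not explicitly permitted is dropped or escaped instead of having to be enumerated. The names `sanitize` and `AllowlistFilter` and the sample input are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED = {"strong", "em"}                        # the tags the post calls "kosher"
DROP_WITH_BODY = {"script", "object", "applet"}   # named in the post; body text goes too


class AllowlistFilter(HTMLParser):
    """Rebuild the input from parser events instead of deleting known-bad tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # output fragments
        self.open = []   # allowed tags currently open, used for balancing
        self.skip = 0    # > 0 while inside a DROP_WITH_BODY element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            self.out.append(f"<{tag}>")           # attributes are never copied
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open and not self.skip:
            while self.open:                      # close back to the matching tag
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))         # stray < > & and quotes become entities

    # Comments, <!...> declarations and <?...?> fall through to the base
    # class's no-op handlers, so they never reach the output.


def sanitize(text: str) -> str:
    f = AllowlistFilter()
    f.feed(text)
    f.close()
    while f.open:                                 # close anything left open
        f.out.append(f"</{f.open.pop()}>")
    return "".join(f.out)


# Constructed sample input, not taken from the original post.
SAMPLE = '<strong onclick="f()">Bold</strong><o:p> Word</o:p><!-- webbot --><script>x=1</script>'
if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Input the parser does not recognise as a tag, such as a `<% ... %>` block, comes out entity-escaped as text rather than removed.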