Home | Blog | Twitter @AndyJ | Contact Me | Snippets/Downloads | RSS

InvalidTags in BlogCFC or your CF application

Posted At : November 28, 2006 6:26 AM | Posted By : Andy Jarrett
Related Categories: ColdFusion

Adding the YouTube vid to my last post caused a little bit of any issue. Mainly the <embed> and <object> tags were replaced with <InvalidTag>. Thinking that Ray had turned into an evil Jedi master and prevented users using these tags I did a quick global find through the BlogCFC code. That left me scratching my head as I couldn't find any reference to it at all so I did what we all do....I went straight to Google.

It turns out the cause is a CF Admin setting that specifies whether to protect variables from cross-site scripting attacks. Not to worry though, this can be turned off via the <cfapplication> tag by adding the attribute scriptProtect="none" - Livedocs description

Ray, sorry for doubting your Jedi master status :o)

Comments Comments (0) | Send Send | del.ico.us del.icio.us | Digg It! Digg It! | Linking Blogs Linking Blogs | 1175 Views
TweetBacks
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

There are no comments for this entry.

[Add Comment] [Subscribe to Comments]
BlogCFC / created by Raymond Camden / running version 5.9.5.003 / Contact AndyJarrett.com / Pet Rescue SOS www.redgiraffes.co.uk