InvalidTags in BlogCFC or your CF application

Adding the YouTube vid to my last post caused a little bit of any issue. Mainly the <embed> and <object> tags were replaced with <InvalidTag>. Thinking that Ray had turned into an evil Jedi master and prevented users using these tags I did a quick global find through the BlogCFC code. That left me scratching my head as I couldn't find any reference to it at all so I did what we all do....I went straight to Google.

It turns out the cause is a CF Admin setting that specifies whether to protect variables from cross-site scripting attacks. Not to worry though, this can be turned off via the <cfapplication> tag by adding the attribute scriptProtect="none" - Livedocs description

Ray, sorry for doubting your Jedi master status :o)

Posted: 28-Nov-2006

Permalink: here

Comments

I was just sitting on the throne reading the 7MX WACK about this. Weirdness

#1 Critter
28/Nov/06 11:58 AM

That could be a little too much shared wierdness :o)

#2 Andy J
28/Nov/06 12:11 PM

That's strange Russ (aka Snake) and I had this very same conversation yesterday.

#3 Nick Tong
28/Nov/06 1:35 PM

Repeat after me: Ray is never wrong. When Ray is wrong, you are wrong. There is no wrongness in the Ray. Except when there is. When is never. Um, etc. ;)

#4 Raymond Camden
28/Nov/06 2:19 PM

yeap, ran into this before... I was blaming with fckeditor prior to finding out about this CF unnecessary marvel. Unfortunately for me, a few months back Google did not have the answer. There is no wrongness in the Ray.

#5 Rob Gonda
29/Nov/06 1:31 AM

Andy Jarrett

InvalidTags in BlogCFC or your CF application

Comments