Andy McDonald
Member since Jan 2, 2014
- Profile: /members/11513-andy-mcdonald.htm
- Comments: 1
Recent Blog Comments By Andy McDonald
For Better Security Use HtmlEditFormat() In Conjunction With JSStringFormat() In ColdFusion
Posted on Jan 2, 2014 at 10:22 AM
Wow - I had no idea you could break out of JSStringFormat(). That really has to be considered a CF bug, I think. Does this exploit work for CF10's EncodeForJavaScript()? I bet it doesn't because the OWASP people know what they're doing. The CF9 equivalent would be <cfset CreateObject("ja...