Ben Nadel
On User Experience (UX) Design, JavaScript, ColdFusion, Node.js, Life, and Love.

David Epler

Member since Dec 11, 2008

Recent Blog Comments By David Epler

  • For Better Security Use HtmlEditFormat() In Conjunction With JSStringFormat() In ColdFusion

    Posted on Jan 2, 2014 at 11:15 AM

    I would echo what Andy says in using the OWASP ESAPI encoders instead of HTMLEditFormat() or JSStringFormat() (and XMLFormat(), URLDecode(), URLEncodedFormat()) since the ESAPI encoders/decoders are much better tested. Because of this there is a good chance that HTMLEditFormat (and other functions t... read more »

  • Does The World Know That You Use ColdFusion?

    Posted on Aug 16, 2007 at 10:54 AM

    Actually, playing with this a bit more. Tried out through builtwith and it reports back ColdFusion for the framework. House of Fusion does not report an X-Powered-By, so whatever they are analyzing to report ColdFusion is probably also tied to session cookies CFGLOBALS, CFID, CF... read more »

  • Apparently Runs On ASP.NET - News To Me

    Posted on Aug 15, 2007 at 3:35 PM

    Unfortunately, it looks like they are getting that from the X-Powered-By line in the response header that is getting sent by the server. Shame ColdFusion doesn't inject a line like that into the response header.... read more »