For Better Security Use HtmlEditFormat() In Conjunction With JSStringFormat() In ColdFusion




(Ben Nadel) ColdFusion 9 (and earlier) provides several methods for escaping values in various contexts. ColdFusion 10 adds several more of these functions, with a nod to the OWASP security project. But, for the time being, I wanted to talk about ColdFusion 9's jsStringFormat() and htmlEditFormat() functions and demonstrate why they should be used in conjunction inside of a JavaScript context.
