
SerializeJson() Escapes Forward-Slashes In ColdFusion




(Ben Nadel) After my post yesterday about security precautions when using jsStringFormat() in ColdFusion, I wondered if the serializeJson() function would be susceptible to the same kind of Cross-Site Scripting (XSS) attack. Luckily, serializeJson() escapes forward-slashes, which prevents the premature closing of Script tags.







