Title:
Bug 80336: (Watson Migration Closure) I'd also love to see CF add better XSS integration
Status/Resolution/Reason: Closed/Fixed/
Reporter/Name(from Bugbase): Dan Switzer / Dan Switzer (Dan Switzer)
Created: 10/14/2009
Components: Language
Versions: 9.0
Failure Type: Unspecified
Found In Build/Fixed In Build: 0000 /
Priority/Frequency: Minor / Unknown
Locale/System: English / Platforms All
Vote Count: 10
Problem:
I'd also love to see CF add better XSS integration. The OWASP AntiSamy project would be a wonderful OS project to integrate into CF:
http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project

Essentially it allows you to parse a string and remove potential XSS attacks.

I wrote a blog entry a while back showing how to use AntiSamy in CF:
http://blog.pengoworks.com/index.cfm/2008/1/3/Using-AntiSamy-to-protect-your-CFM-pages-from-XSS-hacks

It just seems like with increasing XSS attacks out there, that implementing some native functions for cleaning out user input would be nice.

CF is really lacking in good XSS tools and there really should be a robust solution for this in CF. Too many people are implementing WYSIWYG controls on their websites, without properly checking that input to make sure it's safe from various XSS vector attacks.

(NOTE: I don't see this as anything automated, but available as functions/methods within the language for the programmer to use to clean input.)
Method:
Result:
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3040283
External Customer Info:
External Company:
External Customer Name: Dan Switzer
External Customer Email: 40F50E07427F7E67992016B7
External Test Config: 10/14/2009
Attachments:
Comments: