
ya

0 parents commit f310ed9d10a53bc2acb7f2238ae15d6a51673acc @orangexception committed Sep 16, 2011
Showing with 61 additions and 0 deletions.
  1. +48 −0 Application.cfc
  2. +6 −0 README.md
  3. +7 −0 index.cfm
48 Application.cfc
@@ -0,0 +1,48 @@
+<cfcomponent output= "false">
+
+ <cfset this.name= "Request Scrubber" />
+
+ <cffunction name= "onRequestStart"
+ hint= "I run at the start of requests (how clever).">
+
+ <!--- Run Request Scrubber Before Anything Else --->
+ <cfset scrubRequest() />
+
+ <!--- Application Related Stuff --->
+
+ <!--- Cleanup Whitespace | Do not add space between cfcontent and cfreturn. --->
+ <cfcontent reset= true /><cfreturn true />
+
+ </cffunction>
+
+ <cffunction name= "scrubRequest"
+ output= "false" access= "private"
+ hint= "I attempt to remove attacks and setup the request">
+
+ <cfscript>
+ var sKey= "";
+
+ if( isDefined( "form" ) ) {
+ for ( sKey in form ) {
+ form[ sKey ]= htmlEditFormat( form[ sKey ] );
+ form[ sKey ]= reReplaceNoCase( form[ sKey ] ,
+ "<[^>]*>" , "" ,
+ "all" );
+
+ }
+
+ }
+
+ for ( sKey in url ) {
+ url[ sKey ]= htmlEditFormat( url[ sKey ] );
+ url[ sKey ]= reReplaceNoCase( url[ sKey ] ,
+ "<[^>]*>" , "" ,
+ "all" );
+
+ }
+
+ </cfscript>
+
+ </cffunction>
+
+</cfcomponent>
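Review bot: The tag-stripping reReplaceNoCase calls in scrubRequest (pattern `<[^>]*>`, applied to both form and url) are dead code, because the htmlEditFormat call on the line before has already turned every `<` into `&lt;`, so the pattern can never match. If both steps are intended, strip first and encode second, e.g. `form[ sKey ]= htmlEditFormat( reReplaceNoCase( form[ sKey ] , "<[^>]*>" , "" , "all" ) );` and the same for url. Encoding on input also rewrites the values every downstream consumer sees, so anything later written to a database, an e-mail or a JavaScript/URL context receives HTML-entity-encoded text that is still not encoded for that context; output encoding at the point of rendering remains necessary. The hint `I attempt to remove attacks and setup the request` should state that this is a defense-in-depth pass that entity-encodes form and url values for the HTML-body context only and does not replace output encoding.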
6 README.md
@@ -0,0 +1,6 @@
+Request Scrubber: ColdFusion XSS Protection
+
+Original Post
+http://orangexception.com/post/6326362248/request-scrubber-coldfusion-xss-protection
+
+edit
7 index.cfm
@@ -0,0 +1,7 @@
+<h1>Request Scrubber</h1>
+
+<p>Everything of note happens in Application.cfc</p>
+<p>Make sure you understand what htmlEditFormat does. It affects how information will be used inside the application.</p>
+
+<cfdump var= "#url#" />
+<cfdump var= "#form#" />
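Review bot: The warning in the second `<p>` does not say what the reader must understand about htmlEditFormat, and the concrete caveat is what matters here: scrubRequest in Application.cfc has already entity-encoded every url and form value before this page runs, so the two cfdump calls show the encoded text rather than the raw input. Suggest `<p>Application.cfc has already run htmlEditFormat over every url and form value, so what is dumped below - and what the rest of the application receives - is the HTML-encoded text, not the raw input.</p>`.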
