ya

commit f310ed9d10a53bc2acb7f2238ae15d6a51673acc 0 parents
Bradley Moore authored

Showing 3 changed files with 61 additions and 0 deletions. Show diff stats Hide diff stats

  1. +48 0 Application.cfc
  2. +6 0 README.md
  3. +7 0 index.cfm
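--- a/Application.cfc
+++ b/Application.cfc
@@ -0,0 +1,48 @@
+<cfcomponent output= "false">
+
+ <cfset this.name= "Request Scrubber" />
+
+ <cffunction name= "onRequestStart"
+ hint= "I run at the start of requests (how clever).">
+
+ <!--- Run Request Scrubber Before Anything Else --->
+ <cfset scrubRequest() />
+
+ <!--- Application Related Stuff --->
+
+ <!--- Cleanup Whitespace | Do not add space between cfcontent and cfreturn. --->
+ <cfcontent reset= true /><cfreturn true />
+
+ </cffunction>
+
+ <cffunction name= "scrubRequest"
+ output= "false" access= "private"
+ hint= "I attempt to remove attacks and setup the request">
+
+ <cfscript>
+ var sKey= "";
+
+ if( isDefined( "form" ) ) {
+ for ( sKey in form ) {
+ form[ sKey ]= htmlEditFormat( form[ sKey ] );
+ form[ sKey ]= reReplaceNoCase( form[ sKey ] ,
+ "<[^>]*>" , "" ,
+ "all" );
+
+ }
+
+ }
+
+ for ( sKey in url ) {
+ url[ sKey ]= htmlEditFormat( url[ sKey ] );
+ url[ sKey ]= reReplaceNoCase( url[ sKey ] ,
+ "<[^>]*>" , "" ,
+ "all" );
+
+ }
+
+ </cfscript>
+
+ </cffunction>
+
+</cfcomponent>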
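Review bot: The reReplaceNoCase() tag-strip in scrubRequest() is dead code: htmlEditFormat() on the line before it already converts every `<` to `&lt;`, so the pattern `<[^>]*>` can never match on the encoded string. More fundamentally, encoding at the request boundary rewrites the data the application goes on to store and compare — `Tom & Jerry` arrives as `Tom &amp; Jerry` — and because htmlEditFormat only covers the HTML body context, the same values remain injectable if they are later rendered inside an attribute, a `<script>` block or a URL. I would leave the form and url scopes untouched and encode at the point each value is rendered (encodeForHTML/encodeForHTMLAttribute/encodeForJavaScript where the ColdFusion version provides them, otherwise htmlEditFormat at output); if the in-place approach is kept, the hint should state what it really does, e.g. `hint= "HTML-encodes every form and url value in place (body context only); cookie, cgi and header values are not touched"`. The `isDefined( "form" )` guard is also asymmetric with the unguarded url loop — I believe both scopes always exist in ColdFusion, but confirm for the target version.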
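--- a/README.md
+++ b/README.md
@@ -0,0 +1,6 @@
+Request Scrubber: ColdFusion XSS Protection
+
+Original Post
+http://orangexception.com/post/6326362248/request-scrubber-coldfusion-xss-protection
+
+edit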
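--- a/index.cfm
+++ b/index.cfm
@@ -0,0 +1,7 @@
+<h1>Request Scrubber</h1>
+
+<p>Everything of note happens in Application.cfc</p>
+<p>Make sure you understand what htmlEditFormat does. It affects how information will be used inside the application.</p>
+
+<cfdump var= "#url#" />
+<cfdump var= "#form#" />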
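Review bot: The two `<cfdump>` tags echo the complete form and url scopes back to every visitor, which is fine for a demo but would expose every submitted field value if this page were ever deployed as-is. I would either gate them, e.g. `<cfif isDebugMode()><cfdump var= "#url#" /><cfdump var= "#form#" /></cfif>`, or at least mark the intent with a comment above them: `<!--- Demo only: dumps the scrubbed request scopes; remove before deployment --->`.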
