I'm new to ColdFusion, so I'm not sure if there's an easy way to do this. I've been assigned to fix XSS vulnerabilities site-wide on this CF site. Unfortunately, there a
The ColdFusion 9 Livedocs describe a setting called "scriptProtect" which allows you to utilize ColdFusion's protection. I have not used it yet, so I'm not sure how effective it is.
However, if you implement a third-party or your own method of handling it, you would most likely want to put it in the "onRequestStart" event of the application to allow it to handle the entire site when it comes to URL and FORM scope violations (because every request would execute that code).
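
The arrangement described in the answer above, as an added example that is not part of the original answer: an `Application.cfc` that turns on `scriptProtect` and also runs a custom pass over the URL and FORM scopes from `onRequestStart`. The application name and the `sanitizeScope` helper are hypothetical, and encoding at entry is only one possible handling policy.

```cfml
<!--- Application.cfc (added example; names marked hypothetical are not from the post) --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp"><!--- hypothetical application name --->

    <!--- Built-in protection; "all" covers the FORM, URL, CGI and cookie scopes --->
    <cfset this.scriptProtect = "all">

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <!--- Runs before every page request, so one check covers the whole site --->
        <cfset sanitizeScope(url)>
        <cfset sanitizeScope(form)>
        <cfreturn true>
    </cffunction>

    <!--- Hypothetical helper: HTML-encode every simple value in a scope.
          Scopes are structs and are passed by reference, so the
          caller's URL/FORM scope is updated in place. --->
    <cffunction name="sanitizeScope" access="private" returntype="void" output="false">
        <cfargument name="scope" type="struct" required="true">
        <cfset var key = "">
        <cfloop collection="#arguments.scope#" item="key">
            <!--- Skip nested structs/arrays (for example, JSON bodies parsed elsewhere) --->
            <cfif isSimpleValue(arguments.scope[key])>
                <!--- HTMLEditFormat encodes < > & and double quotes, not single quotes --->
                <cfset arguments.scope[key] = HTMLEditFormat(arguments.scope[key])>
            </cfif>
        </cfloop>
    </cffunction>
</cfcomponent>
```

Because values are encoded once at entry, templates that already call `HTMLEditFormat()` on output will double-encode, and values written into JavaScript or single-quoted attributes still need encoding for that context at the point of output.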