safetext() vs. cf_inputfilter
Blog of 孤独如雷 - NetEase Blog
2007-06-18 13:04:17 | Category: ColdFusion

When filtering values passed in through the URL and through forms, we tried many approaches to keep our site from being hit by cross-site attacks. ColdFusion has offered a cf_inputfilter since the Allaire days, but I was never able to find it. Later, in the code Sophek Tounn mailed me, I saw that safetext() is quite powerful, so I am posting it for everyone to see:

    function safetext (text) {
        // default mode escapes bad tags; "strip" removes them
        var mode = "escape";
        // tags and event attributes treated as unsafe
        var badTags = "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,META";
        var badEvents = "onClick,onDblClick,onKeyDown,onKeyPress,onKeyUp,onMouseDown,onMouseOut,onMouseUp,onMouseOver,onBlur,onChange,onFocus,onSelect,javascript:";
        var stripperRE = "";
        var theText = trim(text);
        var obracket = find("<",theText);
        var badTag = "";
        var nextStart = "";
        // optional 2nd argument: true switches to strip mode
        if(arraylen(arguments) GT 1 AND isBoolean(arguments[2]) AND arguments[2]) mode = "strip";
        if(arraylen(arguments) GT 2 and len(arguments[3])) badTags = argum...
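
The listing above is cut off, so here is an added example (not from the original post and not Sophek Tounn's code) that applies the same tag blacklist, in escape or strip mode, to every value of a URL- or form-like scope. The helper names filterBadTags and filterScope, the BAD_TAGS variable and the regex-based matching are assumptions made for this example, and the sample struct is constructed.

```cfml
<cfscript>
// Added example: hypothetical helpers, not the safetext() body from the post.
// Tag blacklist taken from the post's badTags list.
BAD_TAGS = "SCRIPT,OBJECT,APPLET,EMBED,FORM,LAYER,ILAYER,FRAME,IFRAME,FRAMESET,PARAM,META";

// Escapes (strip = false) or removes (strip = true) every tag named in badTags.
// A regular expression is used here in place of the truncated function body.
function filterBadTags(text, strip, badTags) {
    // Matches opening and closing forms, e.g. <script src=x> and </SCRIPT>.
    var pattern = "<(/?(" & listChangeDelims(badTags, "|") & ")\b[^>]*)>";
    if (strip) return reReplaceNoCase(trim(text), pattern, "", "all");
    // Escape mode keeps the tag text visible but inert.
    return reReplaceNoCase(trim(text), pattern, "&lt;\1&gt;", "all");
}

// Filters every simple value of a scope-like struct in place.
// In a real request, pass the built-in url or form scope.
function filterScope(scope, strip) {
    var key = "";
    for (key in scope) {
        if (isSimpleValue(scope[key])) {
            scope[key] = filterBadTags(scope[key], strip, BAD_TAGS);
        }
    }
    return scope;
}

// Constructed sample standing in for the form scope.
sample = structNew();
sample.comment = "hi <ScRiPt src=a.js></script> there";
sample.name = "<b>Bob</b>";

// Escape mode: blacklisted tags are entity-escaped, other markup is untouched.
filterScope(sample, false);
writeOutput(htmlEditFormat(sample.comment) & "<br>");
writeOutput(htmlEditFormat(sample.name) & "<br>");

// Strip mode on a fresh constructed value: blacklisted tags are removed.
writeOutput(htmlEditFormat(filterBadTags("a<iframe src=x></iframe>b", true, BAD_TAGS)));
</cfscript>
```

This example only covers the tag blacklist; the badEvents list from the post is not handled by it.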