Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

disabled "Global Script Protection" in CF Administrator to allow OBJECT and EMBED tags; is there another way to allow these tags?

Posted on 2011-03-04
7
Medium Priority
?
602 Views
Last Modified: 2012-05-11
ColdFusion Version 9.0.1
Latest hotfixes applied.

In brief:

In ColdFusion Administrator I turned off (unchecked) "Enable Global Script Protection". I know it is not safe to disable Global Script Protection. Is there a way to enable Global Script Protection but tell ColdFusion to permit EMBED and OBJECT tags?

Details:

Why did I disable Global Script Protection? Because I use the TinyMCE javascript WYSIWYG editor, and when I try to embed these tags: OBJECT; EMBED, then ColdFusion automatically removes them and replaces them with "InvalidTag". This problem is documented on Ray Camden's blog:

http://www.coldfusionjedi.com/index.cfm/2007/1/5/Where-the-heck-is-InvalidTag-coming-from

So, I need to figure out a way to enable Global Script Protection, yet tell ColdFusion to permit EMBED and OBJECT tags. Can I add a line to application.cfc to achieve this? Thank you for any advice.

Eric
0
Comment
Question by:Eric Bourland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 52

Expert Comment

by:_agx_
ID: 35040163
The comments in the link suggest adding: scriptProtect = "No" would work.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 35040222
>>>scriptProtect = "No"

I saw that too ... but am not sure where to enter that parameter.

I saw this:

<cfapplication name="#prefix#_blog_#blogname#" sessionManagement="true" loginStorage="session" scriptprotect="none">

but I do not use the cfapplication tag.

Would it go in application.cfc?
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 2000 total points
ID: 35040268
Yes. You set it  in the first section where the application name, sessionMangement, ... are declared.

    <cfset this.name = "MyApplication">
    <cfset this.scriptProtect = "No" >
    etc....
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 52

Expert Comment

by:_agx_
ID: 35040277
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 35040305
This worked like a charm.

Holy bananas. I was working on that problem for weeks. In the process I did a great deal about the very useful TinyMCE editor.

Thank you as always, _agx_. =)

E
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 35040320
Thank you as always, _agx_.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35040337
Welcome :)
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, Even though I have created this Tutorial on My personal Blog, Some people might not able to find my website, So here i am posting it again Today, from the topic it is very clear that i will be showing you here the very basic usage of how we …
This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question