• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 620
  • Last Modified:

disabled "Global Script Protection" in CF Administrator to allow OBJECT and EMBED tags; is there another way to allow these tags?

ColdFusion Version 9.0.1
Latest hotfixes applied.

In brief:

In ColdFusion Administrator I turned off (unchecked) "Enable Global Script Protection". I know it is not safe to disable Global Script Protection. Is there a way to enable Global Script Protection but tell ColdFusion to permit EMBED and OBJECT tags?

Details:

Why did I disable Global Script Protection? Because I use the TinyMCE javascript WYSIWYG editor, and when I try to embed these tags: OBJECT; EMBED, then ColdFusion automatically removes them and replaces them with "InvalidTag". This problem is documented on Ray Camden's blog:

http://www.coldfusionjedi.com/index.cfm/2007/1/5/Where-the-heck-is-InvalidTag-coming-from

So, I need to figure out a way to enable Global Script Protection, yet tell ColdFusion to permit EMBED and OBJECT tags. Can I add a line to application.cfc to achieve this? Thank you for any advice.

Eric
0
Eric Bourland
Asked:
Eric Bourland
  • 4
  • 3
1 Solution
 
_agx_Commented:
The comments in the link suggest adding: scriptProtect = "No" would work.
0
 
Eric BourlandAuthor Commented:
>>>scriptProtect = "No"

I saw that too ... but am not sure where to enter that parameter.

I saw this:

<cfapplication name="#prefix#_blog_#blogname#" sessionManagement="true" loginStorage="session" scriptprotect="none">

but I do not use the cfapplication tag.

Would it go in application.cfc?
0
 
_agx_Commented:
Yes. You set it  in the first section where the application name, sessionMangement, ... are declared.

    <cfset this.name = "MyApplication">
    <cfset this.scriptProtect = "No" >
    etc....
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Eric BourlandAuthor Commented:
This worked like a charm.

Holy bananas. I was working on that problem for weeks. In the process I did a great deal about the very useful TinyMCE editor.

Thank you as always, _agx_. =)

E
0
 
Eric BourlandAuthor Commented:
Thank you as always, _agx_.
0
 
_agx_Commented:
Welcome :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now