Solved

Disabled "Global Script Protection" in CF Administrator to allow OBJECT and EMBED tags; is there another way to allow these tags?

Posted on 2011-03-04
Last Modified: 2012-05-11
ColdFusion Version 9.0.1
Latest hotfixes applied.

In brief:

In ColdFusion Administrator I turned off (unchecked) "Enable Global Script Protection". I know it is not safe to disable Global Script Protection. Is there a way to enable Global Script Protection but tell ColdFusion to permit EMBED and OBJECT tags?

Details:

Why did I disable Global Script Protection? Because I use the TinyMCE JavaScript WYSIWYG editor, and when I try to embed these tags: OBJECT; EMBED, then ColdFusion automatically removes them and replaces them with "InvalidTag". This problem is documented on Ray Camden's blog:

http://www.coldfusionjedi.com/index.cfm/2007/1/5/Where-the-heck-is-InvalidTag-coming-from

So, I need to figure out a way to enable Global Script Protection, yet tell ColdFusion to permit EMBED and OBJECT tags. Can I add a line to application.cfc to achieve this? Thank you for any advice.

Eric
Question by:Eric Bourland
7 Comments
 

Expert Comment

by:_agx_
ID: 35040163
The comments in the link suggest adding: scriptProtect = "No" would work.

Author Comment

by:Eric Bourland
ID: 35040222
>>>scriptProtect = "No"

I saw that too ... but am not sure where to enter that parameter.

I saw this:

    <cfapplication name="#prefix#_blog_#blogname#" sessionManagement="true" loginStorage="session" scriptprotect="none">

but I do not use the cfapplication tag.

Would it go in application.cfc?

Accepted Solution

by:
_agx_ earned 500 total points
ID: 35040268
Yes. You set it in the first section where the application name, sessionManagement, ... are declared.

    <cfset this.name = "MyApplication">
    <cfset this.scriptProtect = "No" >
    etc....
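
Added example, not part of the original thread or of _agx_'s answer: an Application.cfc that keeps script protection on for the URL, cookie and CGI scopes and re-applies the tag check to form fields itself, letting OBJECT and EMBED through in one editor field only. The field name `pageBody` and the helper `neutralizeTags` are assumptions made for illustration; the tag list mirrors the tags ColdFusion's built-in protection rewrites to "InvalidTag".

```cfml
<!--- Application.cfc (added example; field and helper names are assumptions) --->
<cfcomponent output="false">
    <cfset this.name = "MyApplication">

    <!--- Leave built-in protection on for every scope that never carries
          editor HTML. Only FORM is excluded, instead of "No" for all scopes. --->
    <cfset this.scriptProtect = "url,cookie,cgi">

    <!--- Assumption: the TinyMCE textarea is submitted as form.pageBody --->
    <cfset variables.editorField = "pageBody">

    <cffunction name="onRequestStart" returnType="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var key = "">
        <cfloop collection="#form#" item="key">
            <cfif key NEQ "fieldnames" AND isSimpleValue(form[key])>
                <cfif compareNoCase(key, variables.editorField) EQ 0>
                    <!--- Editor field: OBJECT and EMBED pass, the rest are rewritten --->
                    <cfset form[key] = neutralizeTags(form[key], "script|applet|meta")>
                <cfelse>
                    <!--- Every other form field gets the full tag list --->
                    <cfset form[key] = neutralizeTags(form[key], "object|embed|script|applet|meta")>
                </cfif>
            </cfif>
        </cfloop>
        <cfreturn true>
    </cffunction>

    <!--- Rewrites the opening of each listed tag to <InvalidTag, the same
          replacement the question describes. Tag-name matching only: it does
          not inspect attributes, so stored editor HTML still needs output
          handling appropriate to where it is rendered. --->
    <cffunction name="neutralizeTags" returnType="string" output="false" access="private">
        <cfargument name="value" type="string" required="true">
        <cfargument name="tagNames" type="string" required="true">
        <cfreturn REReplaceNoCase(arguments.value, "<\s*(#arguments.tagNames#)", "<InvalidTag", "all")>
    </cffunction>
</cfcomponent>
```

With this in place, only the one editor field accepts OBJECT and EMBED markup, so access to the form that posts it should be limited to trusted authors.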

Expert Comment

by:_agx_
ID: 35040277

Author Comment

by:Eric Bourland
ID: 35040305
This worked like a charm.

Holy bananas. I was working on that problem for weeks. In the process I did a great deal about the very useful TinyMCE editor.

Thank you as always, _agx_. =)

E

Author Closing Comment

by:Eric Bourland
ID: 35040320
Thank you as always, _agx_.

Expert Comment

by:_agx_
ID: 35040337
Welcome :)