Solved

disabled "Global Script Protection" in CF Administrator to allow OBJECT and EMBED tags; is there another way to allow these tags?

Posted on 2011-03-04
7
554 Views
Last Modified: 2012-05-11
ColdFusion Version 9.0.1
Latest hotfixes applied.

In brief:

In ColdFusion Administrator I turned off (unchecked) "Enable Global Script Protection". I know it is not safe to disable Global Script Protection. Is there a way to enable Global Script Protection but tell ColdFusion to permit EMBED and OBJECT tags?

Details:

Why did I disable Global Script Protection? Because I use the TinyMCE javascript WYSIWYG editor, and when I try to embed these tags: OBJECT; EMBED, then ColdFusion automatically removes them and replaces them with "InvalidTag". This problem is documented on Ray Camden's blog:

http://www.coldfusionjedi.com/index.cfm/2007/1/5/Where-the-heck-is-InvalidTag-coming-from

So, I need to figure out a way to enable Global Script Protection, yet tell ColdFusion to permit EMBED and OBJECT tags. Can I add a line to application.cfc to achieve this? Thank you for any advice.

Eric
0
Comment
Question by:Eric Bourland
  • 4
  • 3
7 Comments
 
LVL 52

Expert Comment

by:_agx_
ID: 35040163
The comments in the link suggest adding: scriptProtect = "No" would work.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 35040222
>>>scriptProtect = "No"

I saw that too ... but am not sure where to enter that parameter.

I saw this:

<cfapplication name="#prefix#_blog_#blogname#" sessionManagement="true" loginStorage="session" scriptprotect="none">

but I do not use the cfapplication tag.

Would it go in application.cfc?
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 35040268
Yes. You set it  in the first section where the application name, sessionMangement, ... are declared.

    <cfset this.name = "MyApplication">
    <cfset this.scriptProtect = "No" >
    etc....
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 52

Expert Comment

by:_agx_
ID: 35040277
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 35040305
This worked like a charm.

Holy bananas. I was working on that problem for weeks. In the process I did a great deal about the very useful TinyMCE editor.

Thank you as always, _agx_. =)

E
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 35040320
Thank you as always, _agx_.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 35040337
Welcome :)
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article  is about submitting  form through  ColdFusion.Ajax.submitForm to the action page and send a response back in JSON format which later can be decoded using ColdFusion.JSON.decode. By this way you can avoid the usual page refresh for subm…
This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question