I'm trying to fix some XSS errors with my code. #getEmailRecord is the line that contains the problem. How do I fix a piece of code like this? The error: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Veracode cleansing solution: coldfusion.runtime.CFPage.HTMLEditFormat
<tr>
<td> </td>
<td class="left"><b>To: </b></td>
<td class="left">#getEmailRecord.EMAIL_TO#</td></tr>
<tr><td colspan="4"> </td></tr>
Thanks! This is my first time doing something like this so any help is much appreciated.
Veracode cleansing solution: coldfusion.runtime.CFPage.HTMLEditFormat. The recommended solution tells you what to do. Wrap any variables which contain user-supplied data that you utilize in your code in #HTMLEditFormat()#.
<td class="left">#HTMLEditFormat(getEmailRecord.EMAIL_TO)#</td></tr>
Description
Replaces special characters in a string with their HTML-escaped equivalents.
Also, if you are on ColdFusion 10 or newer, you have even more options: the EncodeFor functions.
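As an added example (not code from the question or the answer above): a self-contained CFML page that builds a constructed one-row query standing in for the asker's getEmailRecord query and its EMAIL_TO column, then renders that cell the unsafe way beside the escaped versions. The query shape and the sample value are assumptions made for the demo; the point it adds is that the encoder must match the output context, so the attribute case uses EncodeForHTMLAttribute rather than HTMLEditFormat.

```cfml
<!--- Constructed test data: a query with one EMAIL_TO value that contains markup.
      In the real application this row would come from the database, i.e. from
      whatever a user typed into the "To" field. --->
<cfset getEmailRecord = queryNew("EMAIL_TO")>
<cfset queryAddRow(getEmailRecord)>
<cfset querySetCell(getEmailRecord, "EMAIL_TO", "<script>alert('xss')</script>user@example.com")>

<cfoutput>
<table>
  <!--- BEFORE (the asker's line): the value is written into the page as-is,
        so the <script> tag becomes part of the DOM and runs in the viewer's browser. --->
  <tr>
    <td class="left"><b>To (unescaped, vulnerable): </b></td>
    <td class="left">#getEmailRecord.EMAIL_TO#</td>
  </tr>

  <!--- AFTER (the accepted fix): HTMLEditFormat replaces <, >, &, and " with
        &lt; &gt; &amp; &quot; so the browser displays the text instead of parsing it. --->
  <tr>
    <td class="left"><b>To (HTMLEditFormat): </b></td>
    <td class="left">#HTMLEditFormat(getEmailRecord.EMAIL_TO)#</td>
  </tr>

  <!--- ColdFusion 10+: EncodeForHTML is the context-specific encoder for HTML body text
        and is the preferred replacement for HTMLEditFormat on newer servers. --->
  <tr>
    <td class="left"><b>To (EncodeForHTML): </b></td>
    <td class="left">#EncodeForHTML(getEmailRecord.EMAIL_TO)#</td>
  </tr>

  <!--- Context matters: the same value placed inside an attribute needs the attribute
        encoder. HTMLEditFormat is not sufficient for attribute or JavaScript contexts. --->
  <tr>
    <td class="left"><b>To (as attribute): </b></td>
    <td class="left" title="#EncodeForHTMLAttribute(getEmailRecord.EMAIL_TO)#">hover for address</td>
  </tr>
</table>
</cfoutput>
```

Viewing the page source after rendering shows the first row containing a literal `<script>` element while the second and third rows contain `&lt;script&gt;`, which is exactly the difference the Veracode finding is about. Use the same rule for every cell of the table, not only EMAIL_TO: anything that originated from user input gets encoded at the point where it is written into the page.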