@chrisdpeters
Last active August 10, 2017 13:14
Never output anything to a browser without a formatting filter http://blog.chrisdpeters.com/formatting-filter/
<!-- Output rendered WITH a formatting filter: the injected tags arrive in the browser as encoded text (&lt;script&gt;), so nothing executes -->
<h1>
<a href="/posts/fart">&lt;script&gt;alert('All your base are belong to us!');&lt;/script&gt;</a>
</h1>
<p class="post-meta">
&lt;script&gt;sendCookieInfoToAnotherServer = function() { /* ... */ }; sendCookieInfoToAnotherServer();&lt;/script&gt;
</p>
<h2>Banana Comments</h2>
<!-- Output rendered WITHOUT a formatting filter: the same values land as live markup, and both script blocks run in the visitor's browser -->
<h1>
<a href="/posts/fart"><script>alert('All your base are belong to us!');</script></a>
</h1>
<p class="post-meta">
<script>sendCookieInfoToAnotherServer = function() { /* ... */ }; sendCookieInfoToAnotherServer();</script>
</p>
<h2>Banana Comments</h2>
<!--- CFML view WITH a formatting filter: every user-controlled value passes through h() (HTML encoding), including the values placed inside the link's attributes, and date/number values go through formatters that only emit what they are told to --->
<cfoutput>
<h1>
#linkTo(text=h(post.title), route="post", key=h(post.key()))#
</h1>
<p class="post-meta">
#DateFormat(post.publishedAt)#
</p>
<h2>#NumberFormat(post.commentsCount)# Comments</h2>
</cfoutput>
<!--- CFML view WITHOUT a formatting filter: each value is interpolated raw, which is what produces the unfiltered output above --->
<cfoutput>
<h1>
#linkTo(text=post.title, route="post", key=post.key())#
</h1>
<p class="post-meta">
#post.publishedAt#
</p>
<h2>#post.commentsCount# Comments</h2>
</cfoutput>
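The following is an added example, not code from the gist or from CFWheels: it reproduces the filtered and unfiltered renderings above in Python so the difference can be checked mechanically. `h()` here is `html.escape` with quoting enabled and is assumed to do what the gist's `h()` helper does; `Post`, `link_to`, `render_filtered`, `render_unfiltered` and `has_live_script` are constructed stand-ins, and the sample post reuses the two payload strings the gist itself renders.

```python
# Added example (not from the gist): a formatting filter like the h() helper the
# gist uses, applied to the same post fields, plus a check that the filtered
# render carries no live <script> element. Python stands in for CFML here.
import html
import re
from dataclasses import dataclass


@dataclass
class Post:
    """Constructed stand-in for the gist's post object."""
    title: str
    key: str
    published_at: str
    comments_count: object  # the gist shows a non-number ("Banana") slipping through


def h(value) -> str:
    """Formatting filter: HTML-encode &, <, >, " and ' so untrusted text renders
    as text in both element and attribute context. Assumed to mirror the gist's
    h() helper; the CFWheels implementation itself is not shown on the page."""
    return html.escape(str(value), quote=True)


def link_to(text: str, href: str) -> str:
    """Minimal stand-in for the gist's linkTo(): text and href are inserted as
    given, so the caller is responsible for filtering both."""
    return f'<a href="{href}">{text}</a>'


def render_unfiltered(post: Post) -> str:
    """Mirrors the gist's unfiltered <cfoutput> block: raw values into markup."""
    return (
        f"<h1>\n{link_to(post.title, '/posts/' + post.key)}\n</h1>\n"
        f'<p class="post-meta">\n{post.published_at}\n</p>\n'
        f"<h2>{post.comments_count} Comments</h2>"
    )


def render_filtered(post: Post) -> str:
    """Mirrors the gist's filtered <cfoutput> block: every value passes through h()."""
    return (
        f"<h1>\n{link_to(h(post.title), '/posts/' + h(post.key))}\n</h1>\n"
        f'<p class="post-meta">\n{h(post.published_at)}\n</p>\n'
        f"<h2>{h(post.comments_count)} Comments</h2>"
    )


_SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def has_live_script(markup: str) -> bool:
    """True if the markup contains an actual <script> or </script> tag. An encoded
    &lt;script&gt; is character data, not a tag, and does not match."""
    return _SCRIPT_TAG.search(markup) is not None


# Constructed sample built from the two payload strings the gist renders.
SAMPLE = Post(
    title="<script>alert('All your base are belong to us!');</script>",
    key="fart",
    published_at="<script>sendCookieInfoToAnotherServer = function() { /* ... */ }; "
                 "sendCookieInfoToAnotherServer();</script>",
    comments_count="Banana",
)

if __name__ == "__main__":
    print("--- unfiltered (script tags are live markup) ---")
    print(render_unfiltered(SAMPLE))
    print("--- filtered (script tags are text) ---")
    print(render_filtered(SAMPLE))
```

`has_live_script` is the kind of check worth keeping in a view test: it fails on the unfiltered render and passes on the filtered one. Because `h()` also encodes both quote characters, the same filter is safe for the `key` value that ends up inside the link's `href` attribute, which is why the gist wraps `post.key()` in `h()` as well as `post.title`.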