Get Your Flu Shot

This weekend after Luke’s fencing class (yes, I still like going; it’s really funny to watch the instructors tell little children they can be run through and then they’re dead if they don’t pay attention) we all went to get a flu shot. This wasn’t just any flu shot, and no, it was not the H1N1; it was a community-sponsored event that is training emergency response teams to manage crowds during a mass vaccination, should one be necessary. I thought it was a great idea: we get something for volunteering to be the ‘mass’, and the police and volunteers get to stand around and chat while people not-so-frantically rush through the lines to get their non-emergency vaccinations. So, it’s not much of a training exercise, but it was a free flu shot, so it’s still awesome.

In ColdFusion, we have many opportunities to get our free flu shots, or malicious code injection vaccinations. I’ve blogged a few times about keeping your data entry fields safer; there are hundreds of techniques to do so, some of which I’ve written about and some I have not. One great way to get rid of potential problems is to eliminate any HTML in your form submissions. This will of course keep bad links from appearing in emails, or generally prevent unruly things from happening to the recipient of the form (whether it be an email, a data source or whatever). There are of course many ways to do this: some would prevent the form submission from happening to begin with, and some would just ‘sanitize’ the submission itself. This example will do the latter. I loop through all of my form fields, strip out any tags (<a></a>) and simply keep the text that was contained inside. It will completely remove anything contained within what appears to be a tag, defined by open and closed angle brackets (the less-than symbol, followed by a greater-than symbol), so caution is always necessary.

    <!--- Only run when a form was actually submitted --->
    <cfif not StructIsEmpty(form)>
        <cfloop collection="#form#" item="field">
            <!--- Skip the built-in list of field names --->
            <cfif field neq "fieldnames">
                <!--- Remove everything from a "<" up to the next ">" --->
                <cfset form[field] = rereplacenocase(form[field], '<[^>]*>', '', 'all')>
            </cfif>
        </cfloop>
    </cfif>
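As an added example (not code from the original post), here is the same regex wrapped in a function that also reports which fields were altered and which still hold an unpaired angle bracket that the pattern cannot match. `sanitizeFields` and the sample submission are hypothetical and constructed, and `encodeForHTML` assumes ColdFusion 10 or later, or Lucee.

```cfml
<cfscript>
// Added example, not the original post's code. sanitizeFields and the sample
// struct are hypothetical; the regex is the one used in the post.
function sanitizeFields(required struct fields) {
    var result = { clean = {}, changed = [], leftover = [] };
    for (var name in arguments.fields) {
        var raw = arguments.fields[name];
        // Skip the field list and anything that is not a plain string.
        if (name eq "fieldnames" or not isSimpleValue(raw)) {
            result.clean[name] = raw;
            continue;
        }
        var stripped = reReplaceNoCase(raw, "<[^>]*>", "", "all");
        // Record fields where the regex removed something (markup or not).
        if (compare(stripped, raw) neq 0) {
            arrayAppend(result.changed, name);
        }
        // A "<" or ">" with no partner is not matched and stays in the value.
        if (reFind("[<>]", stripped)) {
            arrayAppend(result.leftover, name);
        }
        result.clean[name] = stripped;
    }
    return result;
}

// Constructed sample submission.
sample = {
    fieldnames = "NAME,COMMENT,MATH,NOTE",
    name    = "Luke",
    comment = 'See <a href="http://example.com/">this page</a> please',
    math    = "5 < 6 and 7 > 3",   // legitimate text that loses " 6 and 7 "
    note    = "price < 10"         // lone bracket: left untouched
};
out = sanitizeFields(sample);

writeOutput("changed: " & arrayToList(out.changed) & "<br>");
writeOutput("leftover brackets: " & arrayToList(out.leftover) & "<br>");
for (key in out.clean) {
    // Encode at output time so a leftover bracket is displayed, not parsed.
    writeOutput(encodeForHTML(key & " = " & out.clean[key]) & "<br>");
}
</cfscript>
```

Logging the `changed` list gives a record of submissions that contained markup, and encoding at output covers the values the regex leaves alone.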