Rob Gonda's Blog

Annoying invalidtag appearing from nowhere

So lately I ran into this problem where my CMS was converting Flash embed tags into invalidtags and it drove me crazy ... I initially blamed the fckeditor, but when I tried to update my DB with a plain textarea and it did the same I realized the problem must be either in the DB or in my drivers... For those of you who haven't experienced this yet, every time you submit text content to be saved in the db, and 'script', 'embed', and probably many other tags will be automatically replaced by 'invalidtag' tags.... so my clients were uploading swfs, and it kept breaking.

I finally found the problem... ColdFusion has an option in the admin:  Enable Global Script Protection, which I guess after the 7.0.2 update started blocking embed tags coming from form posts. I'm not sure how much protection it provides me since I'm usually pretty good validating all my data, but this fact alone made me turn it off in every development and production server.

Now you know, if you start seeing invalidtag's appearing randomly, just disable the global script protection ...

TrackBacks
There are no trackbacks for this entry.

Trackback URL for this entry:
http://www.robgonda.com/blog/trackback.cfm?9A288EEF-3048-7431-E426DA044606706B

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
I have also created a workaround for FCK in Ray Camdens blog.. This can be quite easily adapted to work in your own particular environment.

http://www.beetrootstreet.com/blog/index.cfm/2008/...

Hope it helps

Martin
# Posted By ColdFusion developer | 6/12/08 10:28 AM
I had the issue where when I inserted cfscript into FCKeditor and it replaced all instances with invlide tag.
I do not have Enable Global Script protection on and it still replaces the cfscript...?

My work around was to replace all invalidtag with cfscript using cf replace funtion.

http://travis.sutphinfamily.com/pages/index.cfm?id...

Is there a better way?
# Posted By Travis | 3/4/09 10:49 AM
This blog is running version 5.9.003. Contact Blog Owner