QuackFuzed [ Ramblings of a Con..ColdFuzed Mind ]

cfUniForm v4.6.0 - IMPORTANT PrettyComments XSS Vulnerability Fix Release

Posted on September 11, 2011 at 5:38 PM in ColdFusion, Uni-Form Tag Library, jQuery

IMPORTANT: If you have textareas in any of your forms, you will want to upgrade!

A big THANK YOU! to Marc Esher for identifying an XSS vulnerability with the plugin that cfUniForm had previously used for "expandable" textareas. Marc contacted the author of the PrettyComments jQuery plugin repeatedly in an effort to help the author resolve this issue. However, the author gave no indication that he was interested in a fix. Because of this, cfUniForm now uses Elastic for expandable textareas.

[Continue Reading]

Comments

(Comment Moderation is enabled. Your comment will not appear until approved.)

On 9/12/11 at 10:36 PM, Glenn said:

Thanks for the latest update & fixing the XSS vulnerability. Just installed and all appears to be well. :-)

On 9/13/11 at 12:07 AM, Matt Quackenbush said:

@ Glen - The thanks goes to Marc Esher, seriously! But I *am* super glad to hear that it all appears well for you. :-)

On 12/30/11 at 6:54 AM, Matthew said:

Where do I find basic documentation on this project? Thanks

On 2/9/12 at 6:07 AM, Matt Quackenbush said:

@ Matthew - Somehow missed this comment, but in case you have not yet found it, the link is under the "Quick Links" on every page. Or here:

http://www.quackfuzed.com/demos/cfUniForm/

:-)

On 4/13/12 at 2:38 AM, George Murphy said:

Hi Matt, I'll see you at cfObejective. Quick question, have you done any demo pages for use of the jQuery UI? Like tabs and things like that?

On 6/13/12 at 9:43 PM, Matt Quackenbush said:

@ George - It was great to see you at cf.Objective(). Looks like I've not gotten the latest updates on the demo section, but the jQuery UI demos are in the GitHub repo. HTH!

[Add Comment]