InvalidTag encountered in web pages using ColdFusion due to cross site scripting protection

As you can see, I'm using Raymond Camden's excellent blog here. I recently tried to create a pod with some JavaScript in it but every time I save the content the <SCRIPT...> tag gets converted to <INVALIDTAG...> - After some Googling and looking at a blog entry on Raymond's site it got me thinking about a workaround.

The problem lies with ColdFusion's cross-site scripting protection. If for any reason you can't disable it, or don't want to for security reasons, the code attached can sort this out for you.

Two files need creating: one in the client folder and one in the admin folder. Each runs at the end of the request and uses the GetPageContext() function to read the generated page, find the INVALIDTAG that ColdFusion has already substituted, and convert it back to a SCRIPT tag.

onRequestEnd.cfm to go into the blog /client/ folder

<!--- Kludge to get around ColdFusion cross site scripting replacement of SCRIPT tags to INVALIDTAG
      Martin Parry - 7th June 2008
      martin.parry@beetrootstreet.com --->

<!--- grab everything the request has written to the output buffer so far --->
<cfset pageContent = getPageContext().getOut().getString()>
<!--- empty the buffer so the page is not sent twice --->
<cfset getPageContext().getOut().clearBuffer()>
<!--- put back the SCRIPT tags that ColdFusion's script protection turned into INVALIDTAG --->
<cfset pageContent = ReplaceNoCase(pageContent, "<invalidtag", "<script", "all")>
<!--- send the corrected page and stop any further processing --->
<cfoutput>#pageContent#</cfoutput>
<cfabort>

onRequestEnd.cfm to go into the blog /client/admin/ folder

<cfinclude template="../onRequestEnd.cfm">
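The ReplaceNoCase above reverts every INVALIDTAG in the response, including ones ColdFusion inserted into visitor-submitted comment text, so as an added example (not code from the original post) here is a narrower /client/onRequestEnd.cfm that only reverts INVALIDTAG between marker comments which the trusted pod template is assumed to emit around its own content. The marker strings are assumptions for this example.

```cfml
<!--- Added example (not from the original post): a narrower onRequestEnd.cfm for
      the /client/ folder. Only INVALIDTAG between the marker comments below is
      turned back into SCRIPT; INVALIDTAG that script protection produced from
      untrusted input (comment text, URL parameters) is left neutralised.
      The marker strings are assumptions for this example. --->
<cffunction name="restoreTrustedScript" returntype="string" output="false">
    <cfargument name="html" type="string" required="true">
    <cfset var startMarker = "<!--TRUSTED-POD-->">
    <cfset var endMarker = "<!--/TRUSTED-POD-->">
    <cfset var result = "">
    <cfset var pos = 1>
    <cfset var s = 0>
    <cfset var e = 0>
    <cfset var trusted = "">
    <cfloop condition="true">
        <!--- locate the next trusted block; stop when there is none --->
        <cfset s = Find(startMarker, arguments.html, pos)>
        <cfif s EQ 0><cfbreak></cfif>
        <cfset e = Find(endMarker, arguments.html, s)>
        <cfif e EQ 0><cfbreak></cfif>
        <!--- text before the block is copied through unchanged --->
        <cfset result = result & Mid(arguments.html, pos, s - pos)>
        <cfset trusted = Mid(arguments.html, s, e + Len(endMarker) - s)>
        <!--- only inside the block does INVALIDTAG become SCRIPT again --->
        <cfset result = result & ReplaceNoCase(trusted, "<invalidtag", "<script", "all")>
        <cfset pos = e + Len(endMarker)>
    </cfloop>
    <!--- remainder of the page after the last block, unchanged --->
    <cfif pos LE Len(arguments.html)>
        <cfset result = result & Mid(arguments.html, pos, Len(arguments.html) - pos + 1)>
    </cfif>
    <cfreturn result>
</cffunction>

<!--- same buffer handling as the original workaround, with the narrower filter --->
<cfset pageContent = getPageContext().getOut().getString()>
<cfset getPageContext().getOut().clearBuffer()>
<cfoutput>#restoreTrustedScript(pageContent)#</cfoutput>
<cfabort>
```

The markers only help if untrusted content such as comment text is HTML-encoded on output, so a visitor cannot reproduce them inside a comment.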

Comments
Thank you for this workaround!

I created a blog entry with the object tag several years ago when running CF7, and the blog entry has been working fine and displaying the embedded videos even after updating to CF8. However, today I modified the blog entry, and suddenly all object tags were replaced with InvalidTag... so I wonder why the autoreplace wasn't happening before I modified the blog entry today.
# Posted By Steven Erat | 28/07/08 20:26
BlogCFC was created by Raymond Camden. This blog is running version 5.9.002.