Archive for category ‘Coldfusion’

I decided to shut down my site and start from the ground up. The site was about 4 years old and was in need of a redesign. So I decided to make it a blog. In the blog I cold put all my source code and everything else I wanted to do.

My site was on a Coldfusion 7 server. So I requested that my host, CrystalTech, move it to a Coldfusion 8 server. I submitted the form and it said it would take up to 24 hours. After I woke up the next day I was excited to start working on the site. The problem was, after 31 hours, they still hadn’t moved it to the new server. So I submitted a ticket asking what the issue was. Apparently they never got the request. I have trouble believing this because I got the confirmation email that the request was submitted. So I had to resubmit the request and wait another 24 hours in order to start working on the site.

Ever since CrystalTech got bought up by Newtek, their server has really gone downhill. Every time I request something to be done, I have to stay on them to make sure they do it. Otherwise they mess it up somehow.

I started putting a bunch of my source code in the labs section of the blog. What I started out doing was providing a link to click on to see the demo. From there you could right click and get the source. What I decided was better was to have the demo on the page which you would be able to right click and view source.

The problem I was running into was the “script” tags were getting converted to “InvalidTag” after I submitted the form. So a simple tag like <script type=”text/javascript”> would be converted to <InvalidTag type=”text/javascript”>

At first I thought it was Mango Blog that was at fault. It turns out Coldfusion was the one to blame. It’s called Global Script Protection. It’s in place starting with I think Coldfusion MX 7. It was created as a way to help prevent SQL injection. In Coldfusion Administrator, by default, it is set to “all” which means that script, embed, and I believe, object tags get converted to “InvalidTag.”

Unfortunatly my website is on a shared hosting server. So changing the Global Stript Protection wasn’t an option. I love Adobe! They even put a way to change the Global Script Protection inside the code.

In the cfapplication tag there is a property called scriptProtect. By detfault it is “all” This can be changed to “none” to disable it completely. You can also set it to a comma seperated list of variables to look at like “url, form, cookie”

So for the purposes of Mango Blog in the Application.cfc file in the administration area I added scriptProtect=’url, cookie’ and I am able to post Javascript now. Comments still won’t be able to use Javascript because I only did this for the administration area.