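<!---
  Request input screen.
  Scans every value in the attributes struct against two deny-lists of regular
  expressions (SQL injection, cross-site scripting) and throws a "userAttack"
  exception on the first match.

  NOTE(review): this is a heuristic, defence-in-depth check only. Deny-list
  matching is incomplete by nature, and it also rejects legitimate text that
  contains words such as "select", "update" or "delete". Queries still need
  cfqueryparam and output still needs context-aware encoding; a value that
  passes here must not be treated as safe.
  NOTE(review): only values are inspected, not key names, and trim() expects a
  simple value. Confirm that attributes never carries structs or arrays.
--->

<!--- Clear known empty form inputs --->
<cfif structKeyExists(attributes,"submit")>
	<cfset attributes.submit = "" />
</cfif>

<!---
  Both pattern lists are loop-invariant, so they are built once, before the loop.
  Groups that were written "(:?" (a capturing group starting with an optional
  colon) are now the intended non-capturing "(?:".
--->

<!--- known SQL Injection attacks --->
<cfset reSqlAttack = "^[A-F0-9]+'?(?:\s|%20)+(?:AND|OR)(?:\s|%20)" />
<cfset reSqlAttack = ListAppend(reSqlAttack,"^[0-9]'[0-9]","|") />
<!--- Tautology check (x = x): \1 must refer to ([A-Z0-9]+), so it has to be the
      first capturing group of the combined expression. --->
<cfset reSqlAttack = ListAppend(reSqlAttack,"\b([A-Z0-9]+)(?:\s|%20)*'?(?:\s|%20)*=(?:\s|%20)*'?(?:\s|%20)*\1\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bis(?:\s|%20)+(?:not(?:\s|%20)+)?null\b","|") />
<!--- The pound sign is doubled: a single one inside a CFML string starts an
      expression and does not compile. NOTE(review): presumably meant to catch
      runs of numeric character references; confirm. --->
<cfset reSqlAttack = ListAppend(reSqlAttack,"(?:##x?[A-F0-9]{2,3};?){2,}","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"(?:%[A-F0-9]{2}){2,}","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"/\*\*/","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bsysObjects\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bSELECT\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bUPDATE\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bINSERT\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bDELETE\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bUNION\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bDESC\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"\bEXEC\b","|") />
<cfset reSqlAttack = ListAppend(reSqlAttack,"'dbo'","|") />

<!--- known Cross Site Scripting attacks --->
<cfset reXssAttack = "</?script\b" />
<cfset reXssAttack = ListAppend(reXssAttack,"<body\b","|") />
<cfset reXssAttack = ListAppend(reXssAttack,"\bjavascript(?:\s|%20)*:","|") />
<cfset reXssAttack = ListAppend(reXssAttack,"(?:\\n|\b)document\.\w","|") />
<cfset reXssAttack = ListAppend(reXssAttack,":(?:\s|%20)*url\(","|") />
<cfset reXssAttack = ListAppend(reXssAttack,"\bsrc(?:\s|%20)*=(?:\s|%20)*(?:'|"")","|") />
<cfset reXssAttack = ListAppend(reXssAttack,"\bvbscript\b","|") />

<cfloop collection="#attributes#" item="x">
	<cfset myText = trim(attributes[x]) />
	<!--- Empty values (including the cleared submit field) are skipped. --->
	<cfif len(myText)>
		<!--- The wrapper is non-capturing so that \1 inside the list keeps
		      pointing at the tautology group rather than at the wrapper. --->
		<cfif reFindNoCase("(?:#reSqlAttack#)",myText)>
			<cfthrow type="userAttack" message="Suspected attack." detail="SQL Injection." />
		</cfif>
		<cfif reFindNoCase("(?:#reXssAttack#)",myText)>
			<cfthrow type="userAttack" message="Suspected attack." detail="Cross Site Scripting." />
		</cfif>
	</cfif>
</cfloop>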