Last updated on Apr 27, 2021
Issue
When a cfinput is set with validate="integer", the dollar symbol ($) bypasses the client-side validation.
Solution
To work around this issue, validate that only true integers are entered into a cfinput by using validate="regex" with pattern="^[0-9]*$" instead of the validate="integer" attribute. For example:
<cfinput type="text" name="myInt" validate="regex" pattern="^[0-9]*$" message="Please enter only valid integers!" validateAt="onSubmit">
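Client-side validation is skipped by any client that posts the form directly, so the same rule is worth enforcing again on the page that receives the form. The following is an added example, not Adobe's code: it assumes the form posts to this template and that the field is required, and only the field name myInt and the message text come from the page.

```cfml
<!--- Added example: server-side re-check on the form's action page. --->
<!--- Assumption: this template receives the POST from the form shown above. --->
<cfparam name="form.myInt" default="">
<cfset rawValue = form.myInt>

<!--- Reject empty input (the client-side pattern's * quantifier allows it),
      anything longer than 9 digits (keeps the value inside a 32-bit int),
      and any non-digit character such as $ , . + - or whitespace.
      Searching for a forbidden character avoids relying on how ^ and $
      anchors treat a trailing newline. --->
<cfset isCleanInt = len(rawValue) GTE 1
        AND len(rawValue) LTE 9
        AND reFind("[^0-9]", rawValue) EQ 0>

<cfif NOT isCleanInt>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Please enter only valid integers!</cfoutput>
    <cfabort>
</cfif>

<!--- Safe to convert: the string is 1 to 9 ASCII digits. --->
<cfset myInt = javaCast("int", rawValue)>
```

If an empty field is acceptable, drop the `len(rawValue) GTE 1` test and handle the empty case before the conversion.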