Last updated on
Apr 27, 2021
Issue
When a cfinput is set with validate="integer", the dollar symbol ($) is allowed to bypass the client-side validation.
Solution
To work around this issue, validate that only true integers are entered into a cfinput by using validate="regex" with pattern="^[0-9]*$" instead of the validate="integer" attribute. For example:
<cfinput
type="text"
name="myInt"
validate="regex"
pattern="^[0-9]*$"
message="Please enter only valid integers!"
validateAt="onSubmit">
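
The pattern above, run against constructed inputs to show what it rejects (including the $ case) and what it still lets through. This is an added example, not Adobe's code; checkIntegerField and its required parameter are hypothetical, and it assumes the pattern is evaluated as a JavaScript regular expression in the browser.

```javascript
// Pattern copied from the cfinput above; all other names are hypothetical.
const INTEGER_PATTERN = /^[0-9]*$/;

// Classify one submitted field value.
// `required` is an assumption added here: the pattern by itself accepts
// the empty string, because "*" allows zero digits.
function checkIntegerField(value, required = false) {
  if (typeof value !== "string") {
    return { accepted: false, reason: "not a string" };
  }
  if (value === "") {
    return required
      ? { accepted: false, reason: "empty but required" }
      : { accepted: true, reason: "empty (pattern allows zero digits)" };
  }
  if (!INTEGER_PATTERN.test(value)) {
    return { accepted: false, reason: "contains a non-digit character" };
  }
  return { accepted: true, reason: "digits only" };
}

// Constructed sample inputs, not taken from the page.
const SAMPLES = ["42", "$42", "42$", "-7", "+7", "1,000", "4.0", " 42", "0042", ""];

// Returns [value, accepted] pairs for every sample.
function runSamples(required = false) {
  return SAMPLES.map((v) => [v, checkIntegerField(v, required).accepted]);
}

for (const [value, ok] of runSamples()) {
  console.log(JSON.stringify(value).padEnd(8), ok ? "accepted" : "rejected");
}
```

Signed values such as -7 are rejected and an empty field is accepted, so a form that needs either behaviour has to handle it separately from this pattern.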