Issue

When cfinput is set with validate="integer", the dollar symbol ($) bypasses the client-side validation.

Solution

To work around this issue, you must validate that only true integers are entered into a cfinput by using validate="regex" with pattern="^[0-9]*$" instead of the validate="integer" attribute. For example:

<cfinput
     type="text"
     name="myInt"
     validate="regex"
     pattern="^[0-9]*$"
     message="Please enter only valid integers!"
     validateAt="onSubmit">
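
The pattern above is checked in the browser, so the page that receives the form should repeat the check on the server. The following is an added example, not part of the original note: the action page name process.cfm, the helper isStrictInteger, and the 1-to-9 digit limit are assumptions of this example; the field name myInt and the message text come from the snippet above.

```cfml
<!--- process.cfm (hypothetical action page): server-side re-check of myInt --->
<cfparam name="form.myInt" default="">

<cffunction name="isStrictInteger" returntype="boolean" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- Digits only, 1 to 9 of them: rejects "", "$5", "1,000", "-3", "1.5".
          The 9-digit limit (an assumption of this example) keeps the value
          inside a signed 32-bit integer. --->
    <cfreturn reFind("^[0-9]{1,9}$", arguments.value) EQ 1>
</cffunction>

<!--- Strip surrounding whitespace before matching --->
<cfset rawValue = trim(form.myInt)>

<cfif NOT isStrictInteger(rawValue)>
    <!--- Reject the request without echoing the submitted value back --->
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Please enter only valid integers!</cfoutput>
    <cfabort>
</cfif>

<!--- Only digits remain, so the conversion cannot fail or overflow --->
<cfset myInt = javaCast("int", rawValue)>
<cfoutput>Accepted value: #myInt#</cfoutput>
```

Unlike the client-side pattern ^[0-9]*$, this check uses {1,9} and so also rejects an empty submission.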

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.