Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. (Ref: Wikipedia)
How do you protect your code from cross-site scripting (XSS) when your business requirements state that the user must be able to input HTML? This can be a difficult problem to solve, and XSS is very difficult to filter against because there are hundreds of attack vectors. One way is to use one of the industry-standard Java libraries (AntiSamy, jsoup, etc.) instead of writing our own custom XSS filtering CFML code. We (at MitrahSoft) prefer to use AntiSamy because of its flexibility, widespread usage and support. AntiSamy uses an XML policy file that defines which HTML tags and attributes are allowed in your application.
REST (REpresentational State Transfer) is an architectural style that provides standards for communication between various computer applications (Web, Mobile, IoT, etc.). The REST API is the future, and it is the de facto standard in modern SPAs (single-page applications). This post explains the implementation of a REST API using the FW/1 framework. You might have consumed various famous REST APIs (Google Maps API, PayPal API, etc.) in your applications. But building a RESTful web service, like other programming skills, is part art.
In this blog post, we are going to learn how to build a RESTful web service using the FW/1 framework in Adobe ColdFusion or Lucee. FW/1 is a lightweight ColdFusion MVC framework developed by Sean Corfield.