<cf tags are not removed by the editor, neither are ASP (<%) or (<asp:) tags removed
|Reported by:||sirmeili||Owned by:|
I see that in the config file you can set protected sources like php and asp. I run my site on a CF server and need to limit the users from putting <cf tags in the editor. Perhaps a good fix would be to allow you to specify (using regex) tags you don't want. Basically the reverse of protected sources.
During my testing I noticed that though in the config it has commented out sections for the asp and asp.net tags, it also allowed them into the page.
Though for database stored pages, this wouldn't be a huge bug (at least on a CF server since CF wouldn't evaluate it) I am currently using this to store pages directly to files and need to have it strip out all CF code.
On a side note, it does seem to be working for php and stripping out that ('<?' or '<?php').
If you need to know, All CF tags start with '<cf' so stripping them out shouldn't be a problem using regex.