Lionel Holt
Member since Jun 2, 2022
- Profile: /members/14559-lionel-holt.htm
- Comments: 5
Recent Blog Comments By Lionel Holt
- ColdFusion Performance Experiment: Caching Per-Application Settings In Lucee CFML 5.3.3.62
Posted on Jul 3, 2022 at 9:41 PM
In your experience have you found that the lack of significant performance difference also applies to UDF library components in the Application scope? I'm exploring that very topic over in the Lucee dev forum.... read more »
- Case Study: Removing Implicit Variable Access At Scale In Lucee CFML 5.3.7.47
Posted on Jun 22, 2022 at 10:02 AM
I got sidetracked a few days ago when I read in the Lucee Dev Forum that IsDefined() was deprecated. Researching that led me to several of your articles, this one being the most recent. I posted a new topic that I hope you'll read and maybe comment on and/or like, and not just because I q... read more »
- Using The OWASP Java HTML Sanitizer In Lucee CFML 5.3.7.48 To Sanitize HTML Input And Prevent XSS Attacks
Posted on Jun 18, 2022 at 8:46 PM
Looking at the GitHub repo for Lucee's ESAPI extension, I see that the commit was actually farther back on Feb 23, but apparently it wasn't until April when Jake01 in the dev forum asked about sanitizing HTML that it was then announced and bundled in Lucee 5.3.9 RC3. The responsiveness... read more »
- Using The OWASP Java HTML Sanitizer In Lucee CFML 5.3.7.48 To Sanitize HTML Input And Prevent XSS Attacks
Posted on Jun 17, 2022 at 5:11 PM
I did some experimenting with jsoup and found that even with the relaxed Safelist, it's removing things I don't want it to such as style and target attributes. I assume the default behavior can be modified, but that's also true of OWASP. For years I've been using jsoup for parsing links from... read more »
- Using The OWASP Java HTML Sanitizer In Lucee CFML 5.3.7.48 To Sanitize HTML Input And Prevent XSS Attacks
Posted on Jun 2, 2022 at 1:21 PM
Ben, do you have experience with how OWASP's Sanitizer compares vs jsoup's Cleaner?... read more »