This was one of those spend hours to find out it's an easy fix type thingy, so hopefully I can save someone the trouble in the future.
My clients want to be able to insert You Tube videos and Twitter modules into their web sites. By default, ColdFusion has an application variable that strips out <embed> <object> and <script> tags and replaces them with a <invalidTag>.
Most of the time, scriptProtect is really handy to keep spammers from being able to insert vile things into your database, but in this case I needed it turned off and didn't have access to my CF Administrator. No problem, I thought! I was using the CFWheels framework so just put this in the settings.cfm file:
<set Application.scriptProtect = "none">
I tested it. Didn't work. So I tried putting it in the events/onApplicationStart.cfm file. Still didn't work.
It turns out it has to be in the config/app.cfm file. At first I thought that maybe it was just my host (Hostek) but I also tested it on my Alurium hosting and had the same results there.
The very last paragraph on this page was the needle in the haystack that I had been looking for:
http://code.google.com/p/cfwheels/wiki/EventHandlers
No comments:
Post a Comment