After applying hotfix APSB11-04, even this simple script fails:
<cflayout type="tab">
<cflayoutarea title="blah">
blah blah blah
</cflayoutarea>
</cflayout>
The error in exception.log is:
org.owasp.esapi.errors.ValidationException: CFContainerID: Invalid input.
Please conform to: CFContainerID with a maximum length of 100
Please conform to: CFContainerID with a maximum length of 100
at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:140)
at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:166)
at coldfusion.security.ESAPIUtils.getValidateInput(ESAPIUtils.java:377)
at coldfusion.tagext.html.ajax.HtmlAssembler.setContainerId(HtmlAssembler.java:543)
at coldfusion.tagext.html.ajax.LayoutAreaTag.doStartTag(LayoutAreaTag.java:492)
Is it just me? (We have sandbox security enabled.)