I have some ColdFusion applications that contain JavaScript console.log debugging. In many cases, I didn't want to remove the code as it is beneficial for internal developers, but it didn't make sense for it to be displaying messages for the general public. Instead of adding CFIF tags around every usage, I determined that it may be a good idea to use regex to sanitize it.
I initially tried removing the logging and/or replacing it with a comment, but this didn't seem to work correctly in every context. I decided to set it to a local dummy variable so that it wouldn't do any harm during post-processing. We use jsoup to manage the order of JS/CSS loading and add pre-configured CSP rules based on content. In addition, we may use IIS Webspeed (PageSpeed for IIS) to reduce whitespace and optimize CSS/JS/images. (PageSpeed automatically removes comments and reduces JS, so I'm hoping it will reduce multiple redundant variables to a single variable.)
Using the removeLogging() UDF, I can now determine how the web application is being accessed (developer vs non-developer) and remove the console debugging for non-developer visitors. This has been tested using CF2016.
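The dummy-variable rewrite described above, sketched in JavaScript as an added example; it is not the author's removeLogging() UDF or its CFML. The function body, the `_noLog` name, the `isDeveloper` flag, the `runWithSpy` helper and the sample script are assumptions.

```javascript
// Added example: a stand-in for the rewrite, not the author's UDF.
const DUMMY = "_noLog"; // assumed name for the local dummy variable

// Matches the head of console.log/debug/info( with an optional window. prefix.
// Group 1 keeps the preceding character so foo.console.log( and
// myconsole.log( are left alone.
const CONSOLE_CALL = /(^|[^\w$.])(?:window\.)?console\.(?:log|debug|info)\s*\(/g;

function removeLogging(source, isDeveloper) {
  if (isDeveloper) return source; // developers keep their console output
  // Only the call head is replaced, so the regex never has to locate the
  // matching ")": console.log(a, b); becomes var _noLog = (a, b);
  return source.replace(CONSOLE_CALL, (match, lead) => lead + "var " + DUMMY + " = (");
}

// Constructed sample script, standing in for inline JS in a rendered page.
const SAMPLE = [
  "let total = 0;",
  "function add(n) {",
  "  total += n;",
  "  console.log('added', n, String(total));",
  "  if (total > 4) console.info('big total');",
  "  return total;",
  "}",
].join("\n");

// Runs a script against a spy console and reports how many messages it
// emitted, to confirm the rewritten code still parses and behaves the same.
function runWithSpy(code) {
  const calls = [];
  const record = (...args) => calls.push(args);
  const spy = { log: record, info: record, debug: record };
  const result = new Function("console", code + "\nreturn add(2) + add(3);")(spy);
  return { result, logged: calls.length };
}

const publicJs = removeLogging(SAMPLE, false);
const before = runWithSpy(SAMPLE);
const after = runWithSpy(publicJs);
console.log(publicJs);
console.log("messages before:", before.logged, "after:", after.logged);
```

Only the console output is suppressed: the logged expressions are still evaluated and still ship in the page source. A call used inside a larger expression (for example after `&&`) would not survive this rewrite, since a `var` declaration is only valid as a statement.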