| Setting | Default | Recommendation | Description |
| --- | --- | --- | --- |
| Disable access to internal ColdFusion Java components | Unchecked | Checked | The internal ColdFusion Java components may allow administrative duties to be performed. Some developers may write code that relies on these components. This practice should be avoided as these components are not documented. |
| Prefix serialized JSON with | Unchecked: // | Checked: // | This setting helps prevent JSON hijacking, and should be turned on. ColdFusion AJAX tags and functions automatically remove the prefix. If developers have written CFC functions with returnformat="json" or use the SerializeJSON function, the prefix will be applied, and should be removed in the client code before processing. Developers can override this setting at the application level. |
| Maximum Output Buffer size | 1024KB | Lower | A lower output buffer size may reduce the memory footprint in some applications. |
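
The following is an added example, not code from this guide or from Adobe, showing one way client code can remove the serialized-JSON prefix before processing a response from a CFC function or SerializeJSON. It assumes the prefix is the `//` value shown in the table; the function names, the `requirePrefix` option and the sample responses are hypothetical.

```javascript
// Added example: strip ColdFusion's serialized-JSON prefix on the client
// before parsing. The prefix "//" is the value shown in the table above;
// all function and option names here are hypothetical.
const CF_JSON_PREFIX = "//";

// Remove one leading prefix (after any BOM or whitespace) and report
// whether it was present. Later "//" sequences in the body are untouched.
function stripJsonPrefix(body, prefix = CF_JSON_PREFIX) {
  if (typeof body !== "string") {
    throw new TypeError("response body must be a string");
  }
  const text = body.replace(/^\uFEFF/, "").trimStart();
  return text.startsWith(prefix)
    ? { text: text.slice(prefix.length), hadPrefix: true }
    : { text, hadPrefix: false };
}

// Parse a response body. With requirePrefix set, an unprefixed body is
// rejected, which surfaces endpoints where the setting has been
// overridden off at the application level.
function parseCfJson(body, { prefix = CF_JSON_PREFIX, requirePrefix = false } = {}) {
  const { text, hadPrefix } = stripJsonPrefix(body, prefix);
  if (requirePrefix && !hadPrefix) {
    throw new Error("JSON prefix missing: check the server or application setting");
  }
  return JSON.parse(text);
}

// Constructed sample responses (not captured from a real server).
const prefixed = '//{"ID":7,"NAME":"alice"}';
const unprefixed = '{"ID":7,"NAME":"alice"}';
const urlValue = '//{"URL":"http://example.test//path"}';

console.log(parseCfJson(prefixed).NAME);
console.log(parseCfJson(unprefixed).ID);
console.log(parseCfJson(urlValue).URL);
```

Passing the prefixed body straight to `JSON.parse` throws a `SyntaxError`, so every hand-written consumer of these endpoints needs a step like this once the setting is checked.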