Legend

Answered

ASCII equivalent of CF's URLDecode?

Forum|Forum|13 years ago
August 10, 2012
2 replies
1242 views

Hello, everyone.

Even though I've been working with CF for over a decade, this is going to sound like a total n00b question. I'm just drawing a blank, right now. Google isn't much help.

Is there an ASCII equivalent of URLDecode??

Where I work, everything that is inserted into a database goes through a filter that changes certain characters to their ASCII equivalent (ie, the less than "<" is altered to "<"). For displaying the data, I need to revert the < back to < for formatting (there are <br /> in place of line breaks, in the data.)

If not, I suppose I should check cflib to see if there is a UDF. Hmm..

Respectfully,

^_^

This topic has been closed for replies.

Correct answer 12Robots

Well, first, that's not ASCII encoding, that's HTML Entity Encoding.

Second, no. There is not a built-in function for decoding HTML entities. The purpose of the function is to use it when displaying output to the screen, not to use it before sotring data for later use.

Obviously that doesn't help since you already have a system that encodes before putting data into the DB. So you need a way to decode it.

If you are using CF8 or CF9, with all of the security hotfixes installed, or you are using CF10, then you'll have ESAPI available to you via Java integration. ESAPI is a security tool from OWASP with built-in encoders and decoders. You can use those. Here is how.

#string#

<br />

#encoder.decodeForHTML(string)#

</cfoutput>

Hope that helps.

12RobotsCorrect answer

Participating Frequently

Well, first, that's not ASCII encoding, that's HTML Entity Encoding.

Second, no. There is not a built-in function for decoding HTML entities. The purpose of the function is to use it when displaying output to the screen, not to use it before sotring data for later use.

Obviously that doesn't help since you already have a system that encodes before putting data into the DB. So you need a way to decode it.

If you are using CF8 or CF9, with all of the security hotfixes installed, or you are using CF10, then you'll have ESAPI available to you via Java integration. ESAPI is a security tool from OWASP with built-in encoders and decoders. You can use those. Here is how.

#string#

<br />

#encoder.decodeForHTML(string)#

</cfoutput>

Hope that helps.

WolfShadeAuthor

Legend

@Dan: Unfortunately, no, as URLDecoder is primarily for reverting URL Encoded text (the equivalent of < in URL Encoded text is "%3c", not "<".)

@12Robots: Brilliant! I'll give that a shot and report back. Thanks, again!

^_^

WolfShadeAuthor

Legend

DRAT!! I'm getting an error message:

Class not found. org.owasp.esapi.codecs.HTMLEntityCodec

Granted, this is on my personal CF Server, which is 9.0.1 (pre-June 1, 2012), but I don't know if the settings are any different on the dev or production servers.

Just in case I can convince my boss to make sure the settings are available in dev/production, how would I fix the issue?

Thanks,

^_^

D

Dan_Bracuk

Inspiring

Won't the function you mention solve the problem you are describing?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded