July 9, 2015

ColdFusion 10 vs 11 Escaping Input Parameters

Hi,

I just recently upgraded to ColdFusion 11 from ColdFusion 10 and noticed that quotation marks are not being escaped in ColdFusion 11 when those are entered in a textbox.

Here is an image from my ColdFusion 10 server where the quotation marks are automatically being escaped.

Here's the view source from Google Chrome:

Here is an image from my ColdFusion 11 server where the quotation marks are NOT being escaped.

Here's the view source from Google Chrome:

Does anyone know if this is expected behavior or a bug? Do we really have to use EncodeForHTML() on every form field value now?
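
The safe way to redisplay a submitted value regardless of which engine version is doing the rendering, as an added example that is not part of the original post (the field name `comment` is an assumption):

```cfml
<!--- Added example, not from the original post: echo a submitted value back
      into a text box without relying on the engine to escape quotes for you.
      The form field "comment" is an assumed name. --->
<cfparam name="form.comment" default="">

<cfoutput>
<form method="post" action="#encodeForHTMLAttribute(cgi.script_name)#">

    <!--- UNSAFE (shown commented out): a double quote inside form.comment ends
          the value attribute early and the rest of the input is parsed as
          markup. ColdFusion 10 happened to mask this; ColdFusion 11 does not.

          <input type="text" name="comment" value="#form.comment#">
    --->

    <!--- SAFE on both versions: encode for the attribute context explicitly,
          so a double quote is emitted as a character entity and the value
          can never break out of the attribute. --->
    <input type="text" name="comment"
           value="#encodeForHTMLAttribute(form.comment)#">

    <!--- Text between tags is a different context; use the element-body
          encoder there. --->
    <p>You wrote: #encodeForHTML(form.comment)#</p>

    <button type="submit">Send</button>
</form>
</cfoutput>
```

Both encoders are available from ColdFusion 10 onward, so the same template renders identically on either server.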
