Skip to main content
Inspiring
October 30, 2018
Question

EncodeForHTML not working

  • October 30, 2018
  • 2 replies
  • 1028 views

Hello.  I'm developing on a CF 2018 Developer version and I'm implementing EncodeForHTML.  However, when I tried to test it I found it to do nothing.  For example, the following test code from the help files gives me back exactly what you don't want:

<cfscript>

       s1="<script>";

       s2="&<>'/" & '"';

       WriteOutput(EncodeForHTML(s1) & " | ");

       WriteOutput(EncodeForHTML(s2));

</cfscript>

When I run this it gives me;

<script> | &<>'/"

When it should give me

&lt;script&gt;  | &&lt;&gt;&#x27;&#x2f;&quot;

Is anyone else running into this?  It's like the function is turned off.  Is that possible?  What am I missing?

I also tried it in cffiddle and it behaves the same way.

This topic has been closed for replies.

2 replies

PrestonAuthor
Inspiring
October 31, 2018

I guess it is working because it's not actually running the code.  It just doesn't behave like the example shown at EncodeForHTML function in ColdFusion .

WolfShade
Legend
October 31, 2018

Are you displaying the output in a browser?  If so, then do a "View Source" of the result page - it should show you what you expect.

V/r,

^ _ ^

PrestonAuthor
Inspiring
October 31, 2018

I did think of that and unfortunately, that is not the case.  The view source shows <script> | &<>'/"

WolfShade
Legend
October 31, 2018

Hmm.. that is interesting.  It _could_ be a bug.

But before we get to the "submit a bug via tracker" option, humour me.

Instead of doing this within CFSCRIPT tags, try the following:

      <cfset s1="<script>" />
      <cfset s2="&<>'/" & '"' />

    <cfoutput>

    #encodeForHTML(s1)# | #encodeForHTML(s2)#

    </cfoutput>

It may not change anything, but I have (on rare occasion) discovered small things that work differently in CFSCRIPT than out.

HTH,

^ _ ^