Skip to main content
L
lucasc25675147
Participating Frequently
June 16, 2022
Question

"X-UA-Compatible" keyword causes ColdFusion to break

  • June 16, 2022
  • 3 replies
  • 1516 views

I have been experiencing a particularly strange bug.

On Coldfusion 2021, if I insert the keyword "X-UA-Compatible" in any text box or field, I get the following error when ColdFusion tries to display it:

 

javax.servlet.ServletException: ROOT CAUSE: 
java.lang.IndexOutOfBoundsException
	at java.base/sun.nio.cs.StreamEncoder.write(StreamEncoder.java:121)
	at java.base/java.io.OutputStreamWriter.write(OutputStreamWriter.java:208)
	at java.base/java.io.PrintWriter.write(PrintWriter.java:507)
	at coldfusion.runtime.CharBuffer.writeTo(CharBuffer.java:154)
	at coldfusion.runtime.NeoJspWriter.writeOutput(NeoJspWriter.java:281)
	at coldfusion.runtime.NeoJspWriter.flush(NeoJspWriter.java:374)
	at coldfusion.runtime.NeoPageContext.flushOutput(NeoPageContext.java:2545)
	at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:42)
	at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
	at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
	at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
	at coldfusion.CfmServlet.service(CfmServlet.java:231)
	at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:228)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:121)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:373)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:829)

	coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:74)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:121)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)

 

I first found this in a large text box where we insert email templates, but I've tested it and it happens in all textboxes. Is this a known issue?

      This topic has been closed for replies.

      3 replies

      CFDaddio2
      CFDaddio2
      Participant
      February 13, 2023

      This thread is a little dated, but I wanted to confirm something very similar to this finding.

       

      We're currently in the process of evaluating the CF 2021 update and one of my sites started throwing a '500' error on a page that contained a CFFORM tag. After trying several things to isolate the reason for the '500' error and starting to work with CF support, I found this thread. 

       

      Sure enough, the page that was generating the '500' contained the following meta tag:  

      <meta http-equiv="x-ua-compatible" content="IE=edge" >   

       

      I commented out that tag and re-loaded the page, and the '500' error was no more. 

       

      To be clear, the '500' error only happened on a page that *both* contained the meta tag above and a CFFORM tag. If a page had the meta tag and no CFFORM tag, it loaded fine. I'm not sure if any other CF tags would have generated the same response; I was only focused on the CFFORM tag.  

       

      I have shared my finding on the open ticket with ColdFusion support and noted that this page worked fine in CF2018 (same JDK), so it does seem to be something within CF2021.  

       

      I hope this helps someone. 

      J
      James30995040p096
      Participant
      April 25, 2024

      This helped me.   I've had issues all morning with a form value, that and a dump of a screen and "x-ua-compatible" was mixed inline all the cruff.  Again I got the IndexOutOfBoundsException 

      J
      James30995040p096
      Participant
      April 25, 2024

      HTTP Status 500 – Internal Server Error

      Type Exception Report

      Message ROOT CAUSE:

      Description The server encountered an unexpected condition that prevented it from fulfilling the request.

      Exception

      javax.servlet.ServletException: ROOT CAUSE: 
java.lang.IndexOutOfBoundsException
	at java.base/sun.nio.cs.StreamEncoder.write(StreamEncoder.java:121)
	at java.base/java.io.OutputStreamWriter.write(OutputStreamWriter.java:208)
	at java.base/java.io.PrintWriter.write(PrintWriter.java:507)
	at coldfusion.runtime.CharBuffer.writeTo(CharBuffer.java:154)
	at coldfusion.runtime.NeoJspWriter.writeOutput(NeoJspWriter.java:281)
	at coldfusion.runtime.NeoJspWriter.flush(NeoJspWriter.java:374)
	at coldfusion.runtime.NeoPageContext.flushOutput(NeoPageContext.java:2566)
	at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:42)
	at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
	at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
	at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
	at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:151)
	at coldfusion.CfmServlet.service(CfmServlet.java:231)
	at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:57)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:355)
	at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:450)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)

	coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:74)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:57)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
      BKBK
      Community Expert
      BKBKCommunity Expert
      Community Expert
      June 17, 2022

      Incidentally, did you open the ColdFusion site on a mobile phone?

      BKBK
      Community Expert
      BKBKCommunity Expert
      Community Expert
      June 17, 2022

      I have been unable to reproduce it using a form containing a text field and textarea field. Could you please share the code you used?

      L
      lucasc25675147Author
      Participating Frequently
      June 17, 2022

      Hi, here's an example:

      			<tr>
			   <td align=right><small>Template</small></td>
			   <!--- HTML which may need to be escaped --->
			   <td><cftextarea name="metm_value" rows="15"  cols="110">#encodeForHTML(Template.value)#</cftextarea></td>
			</tr>

      I tested removing encodeForHTML but it made no difference.

      I'm testing using Chrome.

      Charlie Arehart
      Community Expert
      Charlie ArehartCommunity Expert
      Community Expert
      June 17, 2022

      As a sanity check, can you first remove the underscores in your example? Does it work then?

       

      Second, if you leave them (and the encodefor) in, but change it to a textarea (rather than cftextarea), does it work? I realize that will not be what you want.

       

      I'm just trying to help narrow the problem for you and others. Also, I'm reading this on a phone so can't easily do the tests now myself.

       

      Finally, I notice the comment indicating "which may need to be escaped". Did you write that or a predecessor? Seems someone knew of some problem.  But I'm not aware of a general need to escape content in a cftextarea or encodefor. 

      /Charlie (troubleshooter, carehart. org)
      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices