Canonicalize(str,bool,bool) not working as expected

Report · Nov 15, 2016

Hello, all,

I'm using canonicalize() as part of a URL and FORM scope sanitizing process, and it's not doing what the specs say it should do.

For example, in scrubbing a URL parameter, the following _should_ throw an error:

www.domain.com/page.cfm?var=home%27alert(%22abc%22)%27

This should trigger an error, and cause my onError() handler in application.cfc to run. But it isn't working.

url.var = canonicalize(url.var,true,true);

What is going on??? Why isn't this throwing an error?

V/r,

^_^

Report · Nov 16, 2016

Is there a setting in CFAdmin that has to be set to a particular value in order for canonicalize() to work?? What could cause canonicalize() to _not_ work?

V/r,

^_^

Adobe Community

Canonicalize(str,bool,bool) not working as expected