• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

EncodeForHTML not working

Community Beginner ,
Oct 30, 2018 Oct 30, 2018

Copy link to clipboard

Copied

Hello.  I'm developing on a CF 2018 Developer version and I'm implementing EncodeForHTML.  However, when I tried to test it I found it to do nothing.  For example, the following test code from the help files gives me back exactly what you don't want:

<cfscript>

       s1="<script>";

       s2="&<>'/" & '"';

       WriteOutput(EncodeForHTML(s1) & " | ");

       WriteOutput(EncodeForHTML(s2));

</cfscript>

When I run this it gives me;

<script> | &<>'/"

When it should give me

&lt;script&gt;  | &&lt;&gt;&#x27;&#x2f;&quot;

Is anyone else running into this?  It's like the function is turned off.  Is that possible?  What am I missing?

I also tried it in cffiddle and it behaves the same way.

Views

689

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

Are you displaying the output in a browser?  If so, then do a "View Source" of the result page - it should show you what you expect.

V/r,

^ _ ^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

I did think of that and unfortunately, that is not the case.  The view source shows <script> | &<>'/"

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

Hmm.. that is interesting.  It _could_ be a bug.

But before we get to the "submit a bug via tracker" option, humour me.

Instead of doing this within CFSCRIPT tags, try the following:

      <cfset s1="<script>" />
      <cfset s2="&<>'/" & '"' />

    <cfoutput>

    #encodeForHTML(s1)# | #encodeForHTML(s2)#

    </cfoutput>

It may not change anything, but I have (on rare occasion) discovered small things that work differently in CFSCRIPT than out.

HTH,

^ _ ^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

It didn't change anything.  However, if I don't use the encodeForHTML then it definitely runs the script.  So, it's working.  It just doesn't output like the example says it will. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

Then we are left with no alternative.  Adobe may not be aware of this.  Add a bug to the tracker.

V/r,

^ _ ^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

WolfShade is correct.  I just tried it, and its behaving as expected.  

The browser displays: 

<script> | &<>'/"

But the source (when you click on "view-source") shows:

&lt;script&gt; | &&lt;&gt;&#x27;&#x2f;&quot; 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

Are you on CF 2018?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

Yes, I'm on 2018,0,01,311402

Here's the code I use:

<cfscript>
writeoutput("#server.coldfusion.productname# #server.coldfusion.productversion#<br />");
s1="<script>";
s2="&<>'/" & '"';
WriteOutput(EncodeForHTML(s1) & " | ");
WriteOutput(EncodeForHTML(s2));
</cfscript>

And here's screenshots of both the browser output and source output:

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

LATEST

Okay, not sure what is going on here but I did what I should have done before posting which is just put this in a single file and test instead of inside the app.  The test worked correctly in the test file, just like yours.

Now, when I go back into the app it is now working correctly inside the app. Wow....not sure what is going on here but most likely some sort of user error along the way. 

Thanks guys for being a sounding board.  I'm not sure what happened but I was definitely not getting the expected output earlier today.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 31, 2018 Oct 31, 2018

Copy link to clipboard

Copied

I guess it is working because it's not actually running the code.  It just doesn't behave like the example shown at EncodeForHTML function in ColdFusion .

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation