Copy link to clipboard
Copied
Hello. I'm developing on a CF 2018 Developer version and I'm implementing EncodeForHTML. However, when I tried to test it I found it to do nothing. For example, the following test code from the help files gives me back exactly what you don't want:
<cfscript>
s1="<script>";
s2="&<>'/" & '"';
WriteOutput(EncodeForHTML(s1) & " | ");
WriteOutput(EncodeForHTML(s2));
</cfscript>
When I run this it gives me;
<script> | &<>'/"
When it should give me
<script> | &<>'/"
Is anyone else running into this? It's like the function is turned off. Is that possible? What am I missing?
I also tried it in cffiddle and it behaves the same way.
Copy link to clipboard
Copied
Are you displaying the output in a browser? If so, then do a "View Source" of the result page - it should show you what you expect.
V/r,
^ _ ^
Copy link to clipboard
Copied
I did think of that and unfortunately, that is not the case. The view source shows <script> | &<>'/"
Copy link to clipboard
Copied
Hmm.. that is interesting. It _could_ be a bug.
But before we get to the "submit a bug via tracker" option, humour me.
Instead of doing this within CFSCRIPT tags, try the following:
<cfset s1="<script>" />
<cfset s2="&<>'/" & '"' /><cfoutput>
#encodeForHTML(s1)# | #encodeForHTML(s2)#
</cfoutput>
It may not change anything, but I have (on rare occasion) discovered small things that work differently in CFSCRIPT than out.
HTH,
^ _ ^
Copy link to clipboard
Copied
It didn't change anything. However, if I don't use the encodeForHTML then it definitely runs the script. So, it's working. It just doesn't output like the example says it will.
Copy link to clipboard
Copied
Then we are left with no alternative. Adobe may not be aware of this. Add a bug to the tracker.
V/r,
^ _ ^
Copy link to clipboard
Copied
WolfShade is correct. I just tried it, and its behaving as expected.
The browser displays:
<script> | &<>'/"
But the source (when you click on "view-source") shows:
<script> | &<>'/"
Copy link to clipboard
Copied
Are you on CF 2018?
Copy link to clipboard
Copied
Yes, I'm on 2018,0,01,311402
Here's the code I use:
<cfscript>
writeoutput("#server.coldfusion.productname# #server.coldfusion.productversion#<br />");
s1="<script>";
s2="&<>'/" & '"';
WriteOutput(EncodeForHTML(s1) & " | ");
WriteOutput(EncodeForHTML(s2));
</cfscript>
And here's screenshots of both the browser output and source output:
Copy link to clipboard
Copied
Okay, not sure what is going on here but I did what I should have done before posting which is just put this in a single file and test instead of inside the app. The test worked correctly in the test file, just like yours.
Now, when I go back into the app it is now working correctly inside the app. Wow....not sure what is going on here but most likely some sort of user error along the way.
Thanks guys for being a sounding board. I'm not sure what happened but I was definitely not getting the expected output earlier today.
Copy link to clipboard
Copied
I guess it is working because it's not actually running the code. It just doesn't behave like the example shown at EncodeForHTML function in ColdFusion .