
"X-UA-Compatible" keyword causes ColdFusion to break

Community Beginner, Jun 16, 2022

I have been experiencing a particularly strange bug.

On ColdFusion 2021, if I insert the keyword "X-UA-Compatible" in any text box or field, I get the following error when ColdFusion tries to display it:

 

javax.servlet.ServletException: ROOT CAUSE: 
java.lang.IndexOutOfBoundsException
	at java.base/sun.nio.cs.StreamEncoder.write(StreamEncoder.java:121)
	at java.base/java.io.OutputStreamWriter.write(OutputStreamWriter.java:208)
	at java.base/java.io.PrintWriter.write(PrintWriter.java:507)
	at coldfusion.runtime.CharBuffer.writeTo(CharBuffer.java:154)
	at coldfusion.runtime.NeoJspWriter.writeOutput(NeoJspWriter.java:281)
	at coldfusion.runtime.NeoJspWriter.flush(NeoJspWriter.java:374)
	at coldfusion.runtime.NeoPageContext.flushOutput(NeoPageContext.java:2545)
	at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:42)
	at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
	at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
	at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
	at coldfusion.CfmServlet.service(CfmServlet.java:231)
	at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:228)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:121)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:373)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:829)

	coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:74)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:121)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)

 

I first found this in a large text box where we insert email templates, but I've tested it and it happens in all textboxes. Is this a known issue?

Community Expert, Jun 17, 2022

I have been unable to reproduce it using a form containing a text field and textarea field. Could you please share the code you used?

Community Beginner, Jun 17, 2022

Hi, here's an example:

			<tr>
			   <td align=right><small>Template</small></td>
			   <!--- HTML which may need to be escaped --->
			   <td><cftextarea name="metm_value" rows="15"  cols="110">#encodeForHTML(Template.value)#</cftextarea></td>
			</tr>

I tested removing encodeForHTML but it made no difference.

I'm testing using Chrome.

Community Expert, Jun 17, 2022

As a sanity check, can you first remove the underscores in your example? Does it work then?

 

Second, if you leave them (and the encodefor) in, but change it to a textarea (rather than cftextarea), does it work? I realize that will not be what you want.

 

I'm just trying to help narrow the problem for you and others. Also, I'm reading this on a phone so can't easily do the tests now myself.

 

Finally, I notice the comment indicating "which may need to be escaped". Did you write that or a predecessor? Seems someone knew of some problem.  But I'm not aware of a general need to escape content in a cftextarea or encodefor. 


/Charlie (troubleshooter, carehart.org)

Community Beginner, Jun 17, 2022

The issue only happens with X-UA-Compatible written exactly this way.

 

I ran a few more tests, and it turns out it's not just textboxes. The page breaks if I write the keyword anywhere, like the labels for the table for example.

Community Expert, Jun 17, 2022

Anywhere? So are you really saying that just a cfoutput of just that text would do it? Note bkbk could not reproduce that. Show us the most minimal example that demonstrates it for you.

 

You can also run it on cffiddle.org (or trycf.com), to see if it happens there. If not, it seems you have something unique on your end. 


/Charlie (troubleshooter, carehart.org)

Community Beginner, Jun 17, 2022

Yes. Not even cfoutput, this:

<tr>
			   <td align=right><small>X-UA-Compatible</small></td>
			</tr>

is enough to break it, for example. I tried it on cffiddle and I couldn't reproduce it.

Community Expert, Jun 17, 2022

Yes. Not even cfoutput, this:

<tr>
			   <td align=right><small>X-UA-Compatible</small></td>
			</tr>

is enough to break it, for example. I tried it on cffiddle and I couldn't reproduce it.


By @lucasc25675147

 

Likely a hiccup in the servlet engine. A possible solution is to (if you haven't yet done so)

  1. update CF2021 to Update 4;
  2. upgrade the JDK that ColdFusion uses.

Community Expert, Jun 17, 2022

Yes. Not even cfoutput, this:

<tr>
			   <td align=right><small>X-UA-Compatible</small></td>
			</tr>

is enough to break it, 


By @lucasc25675147

 

Suggestion for test:

  1. Restart ColdFusion;
  2. Open in a browser the page testPage.cfm, whose content is exactly:
    <table>
    <tr>
    <td align=right><small>X-UA-Compatible</small></td>
    </tr>
    </table>

Community Beginner, Jun 17, 2022

I tried that, it didn't break this time. I'll expand on this test.

Community Expert, Jun 17, 2022

I tried that, it didn't break this time. I'll expand on this test.


By @lucasc25675147

 

And the following test?

<cfoutput>
    <table>
    <tr>
    <td align=right><small>X-UA-Compatible</small></td>
    </tr>
    </table>
</cfoutput>

 

Community Beginner, Jun 17, 2022

It looks like the problem stops if I remove the <head> element from the page. Not even anything inside the element, just the element itself.

Community Expert, Jun 17, 2022

It looks like the problem stops if I remove the <head> element from the page. Not even anything inside the element, just the element itself.


By @lucasc25675147

 

Weird. <head></head> is just HTML, so that is unlikely to trigger ColdFusion's servlet engine. Have you confirmed by repeatedly testing with and without <head></head>?

 

Again, as I said, many arrows point to cfoutput.

Community Expert, Jun 17, 2022

"X-UA-Compatible" keyword causes ColdFusion to break


By @lucasc25675147

 

That has not yet been demonstrated.

 

 

The issue only happens with X-UA-Compatible written exactly this way.


By @lucasc25675147

 

That is unclear to me. Do you mean the string "X-UA-Compatible" or the X-UA-Compatible meta-tag?

 

The string on its own makes little sense. So I shall assume you mean the meta tag.

 

When I test with the following code, I get no error:

<cfdump var="#form#" >

<cfset template.value='<meta http-equiv="X-UA-Compatible" content="IE=edge" />'>

<cfoutput>	
	<cfif structKeyExists(form, "FIELDNAMES")>
		form.txt:#encodeForHTML(form.txt)#<br>
		form.metm_value: #encodeForHTML(template.value)#<br>
	</cfif>


	
	<cfform>
		<cfinput name="txt" type="text" value="#template.value#">	<br>
		
		<cftextarea name="metm_value" rows="15"  cols="110">
			#encodeForHTML(template.value)#
		</cftextarea> <br>
		
		<cfinput name="sbmt" type="submit" value="Send">
	
	</cfform>	
</cfoutput>

 

My hunch is that something else is causing the error. At the level of the servlet engine. After all, the error occurs when ColdFusion is busy processing the servlet for the page. 

Community Beginner, Jun 17, 2022

No, I do mean the string, completely outside of context. It makes no sense to me as well, but it is what's happening. I'm gonna run some tests with a different Java version to see if it changes anything, because indeed I'm not sure this is caused by a bug in ColdFusion's code anymore.

Community Expert, Jun 17, 2022

OK. Thanks for the additional information.

Another thought.

The error message shows that the writer and stream-writer classes were busy when the error occurred. That suggests that some code might be writing output within a process that is itself writing output. For example, nested cfoutput. Remember to also check for this in Application.cfc. 

Community Expert, Jun 17, 2022

Incidentally, did you open the ColdFusion site on a mobile phone?

New Here, Feb 13, 2023

This thread is a little dated, but I wanted to confirm something very similar to this finding.

 

We're currently in the process of evaluating the CF 2021 update and one of my sites started throwing a '500' error on a page that contained a CFFORM tag. After trying several things to isolate the reason for the '500' error and starting to work with CF support, I found this thread. 

 

Sure enough, the page that was generating the '500' contained the following meta tag:  

<meta http-equiv="x-ua-compatible" content="IE=edge" >   

 

I commented out that tag and re-loaded the page, and the '500' error was no more. 

 

To be clear, the '500' error only happened on a page that *both* contained the meta tag above and a CFFORM tag. If a page had the meta tag and no CFFORM tag, it loaded fine. I'm not sure if any other CF tags would have generated the same response; I was only focused on the CFFORM tag.  

 

I have shared my finding on the open ticket with ColdFusion support and noted that this page worked fine in CF2018 (same JDK), so it does seem to be something within CF2021.  

 

I hope this helps someone. 

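An added example, not part of the thread and not Adobe's code: a Python scan for CFML templates that combine the X-UA-Compatible string with a CFFORM tag, the pairing the last post reports as producing the '500' error on CF 2021. The file extensions, the function names, the sample templates and the choice to ignore text inside CFML comments are assumptions.

```python
import re
from pathlib import Path

# Assumption: flag the combination reported in the thread, i.e. the string
# "X-UA-Compatible" (any case) and a <cfform> tag in the same template.
KEYWORD_RE = re.compile(r"x-ua-compatible", re.IGNORECASE)
CFFORM_RE = re.compile(r"<cfform\b", re.IGNORECASE)
CF_EXTENSIONS = {".cfm", ".cfml", ".cfc"}

# Constructed sample templates, not taken from any site in the thread.
SAMPLES = {
    "live.cfm": '<head><meta http-equiv="x-ua-compatible" content="IE=edge"></head><cfform></cfform>',
    "commented.cfm": '<!--- <meta http-equiv="x-ua-compatible" content="IE=edge"> ---><cfform></cfform>',
    "no_form.cfm": '<meta http-equiv="X-UA-Compatible" content="IE=edge"><form></form>',
}

def strip_cfml_comments(source: str) -> str:
    """Remove <!--- ... ---> comments, which CFML allows to nest."""
    out, depth, i = [], 0, 0
    while i < len(source):
        if source.startswith("<!---", i):
            depth += 1
            i += 5
        elif depth and source.startswith("--->", i):
            depth -= 1
            i += 4
        else:
            if depth == 0:
                out.append(source[i])
            i += 1
    return "".join(out)

def is_affected(source: str) -> bool:
    """True when uncommented markup has both the keyword and a cfform tag."""
    live = strip_cfml_comments(source)
    return bool(KEYWORD_RE.search(live) and CFFORM_RE.search(live))

def scan_tree(root: str) -> list[str]:
    """Return the CFML templates under root that match the reported pattern."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in CF_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            if is_affected(text):
                hits.append(str(path))
    return hits
```

A `<head>` supplied by an included layout file is not visible to a per-file scan, so a template that contains only the CFFORM tag may still need a manual check.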