Hi, here's an example:

			<tr>
			   <td align=right><small>Template</small></td>
			   <!--- HTML which may need to be escaped --->
			   <td><cftextarea name="metm_value" rows="15"  cols="110">#encodeForHTML(Template.value)#</cftextarea></td>
			</tr>

I tested removing encodeForHTML but it made no difference.

I'm testing using Chrome.

As a sanity check, can you first remove the underscores in your example? Does it work then?

Second, if you leave them (and the encodefor) in, but change it to a textarea (rather than cftextarea), does it work? I realize that will not be what you want.

I'm just trying to help narrow the problem for you and others. Also, I'm reading this on a phone so can't easily do the tests now myself.

Finally, I notice the comment indicating "which may need to be escaped". Did you write that or a predecessor? Seems someone knew of some problem.  But I'm not aware of a general need to escape content in a cftextarea or encodefor. 

The issue only happens with X-UA-Compatible written exactly this way.

I ran a few more tests, and it turns out it's not just textboxes. The page breaks if I write the keyword anywhere, like the labels for the table for example.

Anywhere? So are you really saying that just a cfoutput of just that text would do it? Note bkbk could not reproduce that. Shows us the most minimal example that demonstrates it for you.

You can also run it on cffiddle.org (or trycf.com), to see if it happens there. If not, it seems you have something unique on your end. 

Yes. Not even cfoutput, this:

<tr>
			   <td align=right><small>X-UA-Compatible</small></td>
			</tr>

is enough to break it, for example. I tried it on cffidle and I couldn't reproduce it.

Yes. Not even cfoutput, this:

<tr>
			   <td align=right><small>X-UA-Compatible</small></td>
			</tr>

is enough to break it, for example. I tried it on cffidle and I couldn't reproduce it.

By @lucasc25675147

Likely a hiccup in the servlet engine. A possible solution is to (if you haven't yet done so)

1. update CF2021 to Update 4;
2.  upgrade the JDK that ColdFusion uses.

 

Yes. Not even cfoutput, this:

<tr>
			   <td align=right><small>X-UA-Compatible</small></td>
			</tr>

is enough to break it, 

By @lucasc25675147

Suggestion for test:

1.  Restart ColdFusion;
2.  Open in a browser the page testPage.cfm, whose content is exactly:
   

   <table>
   <tr>
   <td align=right><small>X-UA-Compatible</small></td>
   </tr>
   </table>

I tried that, it didn't break this time. I'll expand on this test.

 

I tried that, it didn't break this time. I'll expand on this test.

By @lucasc25675147

And the following test?

<cfoutput>
    <table>
    <tr>
    <td align=right><small>X-UA-Compatible</small></td>
    </tr>
    </table>
</cfoutput>

It looks like the problem stop if I remove the <head> element from the page. Not even anything inside the element, just the element itself.

 

It looks like the problem stop if I remove the <head> element from the page. Not even anything inside the element, just the element itself.

By @lucasc25675147

Weird. <head></head> is just HTML, so that is unlikely to trigger ColdFusion's servlet engine. Have you confirmed by repeatedly testing with and without <head></head>?

Again, as I said, many arrows point to cfoutput.

 

"X-UA-Compatible" keyword causes ColdFusion to break

By @lucasc25675147

That has not yet been demonstrated.

 

The issue only happens with X-UA-Compatible written exactly this way.

By @lucasc25675147

That is unclear to me. Do you mean the string "X-UA-Compatible" or the the X-UA-Compatible meta-tag?

The string on its own makes little sense. So I shall assume you mean the meta tag.

When I test with the following code, I get no error:

<cfdump var="#form#" >

<cfset template.value='<meta http-equiv="X-UA-Compatible" content="IE=edge" />'>

<cfoutput>	
	<cfif structKeyExists(form, "FIELDNAMES")>
		form.txt:#encodeForHTML(form.txt)#<br>
		form.metm_value: #encodeForHTML(template.value)#<br>
	</cfif>


	
	<cfform>
		<cfinput name="txt" type="text" value="#template.value#">	<br>
		
		<cftextarea name="metm_value" rows="15"  cols="110">
			#encodeForHTML(template.value)#
		</cftextarea> <br>
		
		<cfinput name="sbmt" type="submit" value="Send">
	
	</cfform>	
</cfoutput>

My hunch is that something else is causing the error. At the level of the servlet engine. After all, the error occurs when ColdFusion is busy processing the servlet for the page. 

No, I do mean the string, completely outside of context. It makes no sense to me as well, but it is what's happening. I'm gonna run some tests with a different Java version to see if it changes anything, because indeed I'm not sure this is caused by a bug in Coldfusion's code anymore.

OK. Thanks for the additional information.

Another thought.

The error message shows that the writer and stream-writer classes were busy when the error occurred. That suggests that some code might be writing output within a process that is itself writing output. For example, nested cfoutput. Remember to also check for this in Application.cfc. 

This helped me.   I've had issues all morning with a form value, that and a dump of a screen and "x-ua-compatible" was mixed inline all the cruff.  Again I got the IndexOutOfBoundsException 

HTTP Status 500 – Internal Server Error

Type Exception Report

Message ROOT CAUSE:

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

javax.servlet.ServletException: ROOT CAUSE: 
java.lang.IndexOutOfBoundsException
	at java.base/sun.nio.cs.StreamEncoder.write(StreamEncoder.java:121)
	at java.base/java.io.OutputStreamWriter.write(OutputStreamWriter.java:208)
	at java.base/java.io.PrintWriter.write(PrintWriter.java:507)
	at coldfusion.runtime.CharBuffer.writeTo(CharBuffer.java:154)
	at coldfusion.runtime.NeoJspWriter.writeOutput(NeoJspWriter.java:281)
	at coldfusion.runtime.NeoJspWriter.flush(NeoJspWriter.java:374)
	at coldfusion.runtime.NeoPageContext.flushOutput(NeoPageContext.java:2566)
	at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:42)
	at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
	at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
	at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
	at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:151)
	at coldfusion.CfmServlet.service(CfmServlet.java:231)
	at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:57)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:355)
	at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:450)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)

	coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:74)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	coldfusion.inspect.weinre.MobileDeviceDomInspectionFilter.doFilter(MobileDeviceDomInspectionFilter.java:57)
	coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)