
ColdFusion 10 vs 11 Escaping Input Parameters

Jul 09, 2015


Hi,

I just recently upgraded to ColdFusion 11 from ColdFusion 10 and noticed that quotation marks are not being escaped in ColdFusion 11 when those are entered in a textbox.

Here is an image from my ColdFusion 10 server where the quotation marks are automatically being escaped.

Screen Shot 2015-07-09 at 2.30.49 PM.png

Here's the view source from Google Chrome:

Screen Shot 2015-07-09 at 2.33.50 PM.png

Here is an image from my ColdFusion 11 server where the quotation marks are NOT being escaped.

Screen Shot 2015-07-09 at 2.30.56 PM.png


Here's the view source from Google Chrome:

Screen Shot 2015-07-09 at 2.34.08 PM.png

Does anyone know if this is expected behavior or a bug? Do we really have to use EncodeForHTML() on every form field value now?
