Copy link to clipboard
I just recently upgraded to ColdFusion 11 from ColdFusion 10 and noticed that quotation marks are not being escaped in ColdFusion 11 when those are entered in a textbox.
Here is an image from my ColdFusion 10 server where the quotation marks are automatically being escaped.
Here's the view source from Google Chrome:
Here is an image from my ColdFusion 11 server where the quotation marks are NOT being escaped.
Does anyone know if this expected behavior or a bug? Do we really have to use EncodeForHTML() on every form field value now?
Have something to add?