
ColdFusion 10 vs 11 Escaping Input Parameters

New Here
Jul 09, 2015


Hi,

I just recently upgraded to ColdFusion 11 from ColdFusion 10 and noticed that quotation marks are not being escaped in ColdFusion 11 when those are entered in a textbox.

Here is an image from my ColdFusion 10 server where the quotation marks are automatically being escaped.

[Screenshot: Screen Shot 2015-07-09 at 2.30.49 PM.png]

Here's the view source from Google Chrome:

[Screenshot: Screen Shot 2015-07-09 at 2.33.50 PM.png]

Here is an image from my ColdFusion 11 server where the quotation marks are NOT being escaped.

[Screenshot: Screen Shot 2015-07-09 at 2.30.56 PM.png]

Here's the view source from Google Chrome:

[Screenshot: Screen Shot 2015-07-09 at 2.34.08 PM.png]

Does anyone know if this is expected behavior or a bug? Do we really have to use EncodeForHTML() on every form field value now?
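As an added example (not code from the original post), this shows how the form value in question can be rendered with explicit, context-specific encoding so the output does not depend on whatever automatic escaping a given ColdFusion version applies; the field name `search`, the two helper functions and the sample value are assumptions.

```cfml
<!--- Added example, not part of the original post. Assumes a form field named "search". --->
<cfscript>
    // Constructed sample input containing double quotes, standing in for a submitted form field
    param name="form.search" default='say "hello" & <goodbye>';

    // Builds the input tag with the value encoded for the HTML attribute context,
    // so a double quote in the submitted value cannot terminate the value="..." attribute.
    function renderSearchField(required string value) {
        return '<input type="text" name="search" value="' & encodeForHTMLAttribute(arguments.value) & '">';
    }

    // Echoes the value back as visible text, encoded for the HTML body context.
    function renderEcho(required string value) {
        return '<p>You searched for: ' & encodeForHTML(arguments.value) & '</p>';
    }
</cfscript>

<cfoutput>
    <!--- Fragile pattern: the raw value is interpolated straight into the attribute --->
    <!--- <input type="text" name="search" value="#form.search#"> --->

    <!--- Hardened pattern: each output context gets its own encoder --->
    #renderSearchField(form.search)#
    #renderEcho(form.search)#
</cfoutput>
```

When the same value is placed inside a script block or a query string, switch to encodeForJavaScript() or encodeForURL() respectively, since each encoder is only correct for its own context.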

