EncodeForHTML

Adobe Community Help


Applies to

 

Description

Encodes an input string for a safe HTML output to prevent Cross Site Scripting (XSS) attacks.

Returns

Encoded string

Category

Display and formatting functions

Syntax

 

encodeForHTML(inputString [,canonicalize])

See also

CanonicalizeEncodeForHTMLAttributeEncodeForJavaScriptEncodeForCSSEncodeForURL

History

ColdFusion 10: Added this function.

Parameters

Parameter

Description

inputString

Required. The string to encode.

canonicalize

Optional. If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. The default value for canonicalize is false. When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed. To use any other combinations you should canonicalize using canonicalize method and then perform encoding.

Example

<cfscript>
       s1="<script>";
       s2="&<>'/" & '"';
       WriteOutput(EncodeForHTML(s1) & " | ");
       WriteOutput(EncodeForHTML(s2));
</cfscript>

Output

&lt;script&gt;  | &amp;&lt;&gt;&#x27;&#x2f;&quot; 

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy

Choose your region    Products   Downloads   Learn & Support   Company

Copyright © 2016 Adobe Systems Incorporated. All rights reserved.

Terms of Use | Privacy | Cookies