Is there any difference with the HTMLEditFormat feature in ColdFusion CF9 vs CF10?

I see a difference in how HTMLEditFormat works in CF9 and CF10.

HTMLEditFormat(">")
  • In CF9: displayed as "&gt;" (no difference)
  • In CF10: displayed as "&amp;gt;" (double escaping, which seems correct to me)

I looked at the CF10 notes and at the HTMLEditFormat documentation, but cannot find any mention that this function works differently. Does anyone know the difference, or know of documentation that proves there is no difference? ... or do you know of any other settings (ColdFusion or web server) that could cause this to work differently?

(This question is not a duplicate, because I am not asking about encodeForHTML. I understand that this is the ideal solution, but I am asking to understand why HTMLEditFormat can behave differently in CF9 and CF10.)

+4
1 answer

I cannot imagine why this function would behave differently, especially since it is slated for deprecation in CF10. Are you perhaps calling it from a CFINPUT tag?

<cfinput id="foo" value="#htmlEditFormat(someValue)#" />

If so, then in CF6 - CF9 this tag automatically uses HTMLEditFormat() for values. Calling HTMLEditFormat() a second time does not affect the output. But CF10+ updated the tag to use encodeForHTML() for values. If you also call HTMLEditFormat(), then you encode the output twice.

HTMLEditFormat() has been superseded by encodeForHTML() (CF10+). Deprecated in ColdFusion 11, HTMLEditFormat() will be removed in ColdFusion 12.

HTMLEditFormat() only escapes 4 characters: <, >, &, ".

encodeForHTML() encodes many more characters and is UTF-8 aware. The "encodeFor" functions are context-specific (html, htmlattribute, js, css, xml ...).

+3
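To make the double-encoding path in the answer concrete, here is an added Python model (not ColdFusion's or ESAPI's own code) of the two encoders and of what a CF10+ cfinput emits when the template also wraps the value in htmlEditFormat(). The exact entity form produced by encodeForHTML() for characters outside the classic four is an assumption based on ESAPI's HTML encoder rules; the function names are constructed.

```python
import html

# Constructed model of HTMLEditFormat(): only <, >, &, " are escaped.
# The single quote passes through untouched, which matters in single-quoted attributes.
def html_edit_format(s: str) -> str:
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))

_NAMED = {"<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;"}

# Constructed approximation of encodeForHTML() (assumption: ESAPI-style rules).
# ASCII alphanumerics and a few immune punctuation characters pass through, the
# classic four get named entities, everything else becomes a hex numeric reference.
def encode_for_html(s: str) -> str:
    out = []
    for ch in s:
        if (ch.isascii() and ch.isalnum()) or ch in " ,.-_":
            out.append(ch)
        elif ch in _NAMED:
            out.append(_NAMED[ch])
        else:
            out.append(f"&#x{ord(ch):x};")
    return "".join(out)

def cfinput_value_cf10(value: str, pre_encoded: bool = False) -> str:
    """Value attribute as a CF10+ <cfinput> emits it: the tag runs encodeForHTML()
    itself. pre_encoded=True models the template also calling htmlEditFormat()."""
    v = html_edit_format(value) if pre_encoded else value
    return encode_for_html(v)

def browser_shows(attr: str) -> str:
    """Text the browser puts into the field after decoding the attribute once."""
    return html.unescape(attr)

def looks_double_encoded(attr: str) -> bool:
    """Review heuristic for rendered markup: if decoding once still leaves entities
    that a second decode changes, the value went through two encoders. A user who
    literally typed '&gt;' also trips this, so treat it as a signal, not proof."""
    once = html.unescape(attr)
    return html.unescape(once) != once

if __name__ == "__main__":
    print(browser_shows(cfinput_value_cf10(">")))                    # >
    print(browser_shows(cfinput_value_cf10(">", pre_encoded=True)))  # &gt;
```

The second case is the CF10 symptom from the question: the field literally shows the text "&gt;" because the tag encoded an already-encoded value.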

Source: https://habr.com/ru/post/1542542/
