
HTMLEditFormat

Description

Replaces special characters in a string with their HTML-escaped equivalents.

Returns

The HTML-escaped form of the string parameter. Return characters are removed; line feed characters are preserved. Characters with special meanings in HTML are converted to HTML character entities such as &gt;.

Category

Display and formatting functions

Function syntax

HTMLEditFormat(string [, version ])

See also

HTMLCodeFormat, cfapplication

Parameters

Parameter    Description
string       A string or a variable that contains one.
version      HTML version to use; currently ignored.

  • -1: The latest implementation of HTML
  • 2.0: HTML 2.0 (Default)
  • 3.2: HTML 3.2

Usage

This function converts the following characters to HTML character entities:

Text character    Encoding
<                 &lt;
>                 &gt;
&                 &amp;
"                 &quot;

This function can be used to help protect ColdFusion pages that return user-provided data to the client browser from cross-site scripting attacks. However, the scriptprotect attribute of the cfapplication tag or the equivalent This.scriptProtect variable setting in Application.cfc can be preferable in most instances, because you only need to specify it once for an application.

This function typically increases the length of a string. This can cause unpredictable results when performing certain string functions (Left, Right, and Mid, for example) against the expanded string.

The only difference between this function and HTMLCodeFormat is that HTMLCodeFormat surrounds the text in an HTML pre tag.

Example

<!--- This example shows the effects of HTMLCodeFormat and 
      HTMLEditFormat. View it in your browser, then view it
      using your browser's View Source command. --->
<cfset testString="This is a test
        & this is another 
<This text is in angle brackets>

Previous line was blank!!!">

<cfoutput>
    <h3>The text without processing</h3>
    #testString#<br>
    <h3>Using HTMLCodeFormat</h3>
    #HTMLCodeFormat(testString)#
    <h3>Using HTMLEditFormat</h3>
    #HTMLEditFormat(testString)#
</cfoutput>


Version 7

Comments


No screen name said on Feb 15, 2005 at 1:16 AM :
You should say whether a function exists to reverse this process. I can't find one.
jrunrandy said on Feb 15, 2005 at 6:15 AM :
Good point. I've run into this myself. There is no function to reverse the HTMLEditFormat process. However, in some cases, you can just keep a copy of the original string.

Actually, once I think it through, the problems of reversing this process are clear: the function replaces special characters (for example, >) with HTML-escaped equivalents (for example, &gt;), which you can easily reverse; but what if the original string already contained &gt; - you wouldn't want to change that to >.
healey_mark said on Mar 12, 2007 at 3:09 PM :
jrunrandy,

Your example of the source string containing &gt; already would still be encodable and decodable:

htmlEditFormat( '&gt;' ) = '&amp;gt;'

Which is easily decodable back to '&gt;'

Maybe the reason there's no decoding function is that there isn't much use for it...
DracTK said on Mar 19, 2007 at 5:11 PM :
This function also strips carriage returns from the input (maybe the line feed as well) - the strings it removes are a subset of what the xmlFormat function removes.
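
The reversal discussed in the comments above, as an added example that is not part of the Adobe documentation or of any commenter's post. HTMLEditUnformat is a hypothetical UDF name, and the sample string is constructed; carriage returns that HTMLEditFormat removed cannot be restored by any decoder.

```cfml
<cfscript>
// Hypothetical UDF (not a built-in function): reverses the four
// substitutions listed in the Usage table of this page.
function HTMLEditUnformat(encoded) {
    var s = encoded;
    s = Replace(s, "&lt;",   "<", "all");
    s = Replace(s, "&gt;",   ">", "all");
    s = Replace(s, "&quot;", '"', "all");
    // &amp; must be decoded last. Decoding it first would turn
    // "&amp;gt;" into "&gt;" and then into ">", a double decode
    // that changes text the user typed literally into markup.
    s = Replace(s, "&amp;",  "&", "all");
    return s;
}

// Constructed sample input, including text that already looks like an entity.
original  = 'a < b & "c" is literally &gt;';
encoded   = HTMLEditFormat(original);
roundTrip = HTMLEditUnformat(encoded);
</cfscript>

<cfoutput>
<!--- Encode again for display so the browser shows the strings literally. --->
<p>Encoded: #HTMLEditFormat(encoded)#</p>
<p>Round trip matches original: #YesNoFormat(Compare(original, roundTrip) EQ 0)#</p>
</cfoutput>
```

Decode only for storage or editing; any value written back into a page still needs HTMLEditFormat at the point of output.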

 


Current page: http://livedocs.adobe.com/coldfusion/7/htmldocs/00000506.htm