encodeForHTML

Encodes the inputString for safe output in the body of a HTML tag. The encoding in meant to mitigate Cross Site Scripting (XSS) attacks. This function can provide more protection from XSS than the HTMLEditFormat or XMLFormat functions do.

encodeForHTML(inputString [, canonicalize]) → returns String

Argument Reference for the encodeForHTML function

inputString

Required: Yes
A string to encode

canonicalize

Required: No
When true runs the canonicalize function against the input before encoding. This argument is not supported on Lucee.

Links more information about encodeForHTML

Examples sample code invoking the encodeForHTML function


Simple encodeForHTML Example

Pass in a tag and HTML encode the result.

encodeForHTML("<test>")

Expected Result: &lt;test&gt;


Fork me on GitHub