encodeForHTMLAttribute

Encodes the inputString for safe output in the attribute value of a HTML tag. The encoding in meant to mitigate Cross Site Scripting (XSS) attacks.

encodeForHTMLAttribute(inputString [, canonicalize]) → returns String

Argument Reference for the encodeForHTMLAttribute function

inputString

Required: Yes
A string to encode

canonicalize

Required: No
When true runs the canonicalize function against the input before encoding. This argument is not supported on Lucee.

Links more information about encodeForHTMLAttribute

Examples sample code invoking the encodeForHTMLAttribute function


Simple encodeForHTMLAttribute Example

Shows how and where encodeForHTMLAttribute would be used.

<cfoutput><div title="#encodeForHTMLAttribute("<test>")#"></cfoutput>

Expected Result: <div title="&lt;test&gt;">


Fork me on GitHub