Sanitizes HTML using AntiSamy policy rules.

getSafeHTML(inputString [, PolicyFile, throwOnError]) → returns Any

This function requires Adobe ColdFusion 11 and up. Not supported on Lucee, OpenBD, etc.

Argument Reference for the getSafeHTML function


inputString
Required: Yes
String to be sanitized


PolicyFile
Required: No
File path for a custom AntiSamy policy file. The policy can also be defined in the application scope; if it is not defined, the ColdFusion server default is used.


throwOnError
Required: No
If true, an error is thrown; otherwise an empty string is returned.


Examples: sample code invoking the getSafeHTML function

Application setting demo

The AntiSamy policy file can be set in the application scope (Application.cfc):

  <cfset this.security.antisamypolicy = "antisamy.xml">


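Demonstrates usage

<!--- inputHTML holds the untrusted markup; the policy path is left empty and throwOnError is true --->
<cfset SafeHTML = getSafeHTML(inputHTML, "", true)>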
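An added example, not part of the original page: a wrapper that calls getSafeHTML with throwOnError set to true and handles the resulting error instead of letting it surface to the user. The function name sanitizeComment, the sample input and the log file name are assumptions made for illustration.

```cfml
<cfscript>
// Added example (not from the original page). sanitizeComment, the sample
// markup and the "application" log file are constructed for illustration.
function sanitizeComment(required string rawHtml, string policyFile = "") {
    var result = { accepted = false, html = "", reason = "" };
    try {
        // throwOnError = true: an error is thrown rather than a value returned,
        // so a rejected input can never be mistaken for a legitimately empty one.
        result.html = getSafeHTML(arguments.rawHtml, arguments.policyFile, true);
        result.accepted = true;
    } catch (any e) {
        // Keep the reason for the audit trail; do not echo it back to the client.
        result.reason = e.message;
    }
    return result;
}

// Constructed sample input: allowed formatting plus a script element.
sample = '<p>Hello <b>world</b></p><script>document.title = "x";</script>';

// Empty policy path, as in the usage example above.
outcome = sanitizeComment(sample);

if (outcome.accepted) {
    // Only the sanitized string is ever written to the page.
    writeOutput(outcome.html);
} else {
    writeLog(text = "Rejected HTML input: " & outcome.reason,
             type = "warning",
             file = "application");
    writeOutput("Your comment contained markup that is not allowed.");
}
</cfscript>
```

Store and render only the value returned by getSafeHTML, never the original string.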
