Replaces special characters in a string with their HTML-escaped equivalents.
Returns an HTML-escaped string. Return characters are removed; line feed characters are preserved. Characters with special meanings in HTML are converted to HTML character entities such as &gt;.
HTMLEditFormat(string [, version ])
| Parameter | Description |
|---|---|
| string | A string or a variable that contains one. |
| version | HTML version to use; currently ignored. |
This function converts the following characters to HTML character entities:
| Text character | Encoding |
|---|---|
| < | &lt; |
| > | &gt; |
| & | &amp; |
| " | &quot; |
This function can be used to help protect ColdFusion pages that return user-provided data to the client browser from cross-site scripting attacks. However, the scriptprotect attribute of the cfapplication tag or the equivalent This.scriptProtect variable setting in Application.cfc can be preferable in most instances, because you only need to specify it once for an application.

This function typically increases the length of a string. This can cause unpredictable results when performing certain string functions (Left, Right, and Mid, for example) against the expanded string.
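The truncation caveat, as an added example that is not part of the reference page: because each escaped character becomes a multi-character entity, applying Left to the escaped string cuts off far less visible text than intended (and can split an entity); truncate the raw input first and escape the result. The variable names and the sample input are constructed for this example.

```cfml
<!--- Added example: escape after truncating, not before. --->
<cfscript>
// Constructed untrusted input, e.g. a form field: tags, an ampersand,
// quotes, and a CR LF pair (HTMLEditFormat drops the CR, keeps the LF).
userText = '<b>Hello</b> & "bye"' & chr(13) & chr(10) & 'second line';

// Wrong order: escaping first expands "<b>" to "&lt;b&gt;" (9 characters),
// so Left(..., 9) keeps only 3 visible characters: <b>
escapedThenCut = Left(HTMLEditFormat(userText), 9);

// Right order: Left(userText, 9) is "<b>Hello<", then escaping yields
// "&lt;b&gt;Hello&lt;", which renders all 9 intended characters safely.
cutThenEscaped = HTMLEditFormat(Left(userText, 9));

rawLength     = Len(userText);                  // 32
escapedLength = Len(HTMLEditFormat(userText));  // 55: entities expand, CR removed
</cfscript>

<cfoutput>
<p>Wrong order: #escapedThenCut#</p>
<p>Right order: #cutThenEscaped#</p>
<p>Raw length #rawLength#, escaped length #escapedLength#</p>
</cfoutput>
```

Newer ColdFusion releases also provide EncodeForHTML, which escapes a wider set of characters than the four listed above; the ordering rule (truncate, then encode for output) applies to it in the same way.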
The only difference between this function and HTMLCodeFormat is that HTMLCodeFormat surrounds the text in an HTML pre tag.
```cfml
<!--- This example shows the effects of HTMLCodeFormat and HTMLEditFormat.
      View it in your browser, then view it using your browser's View Source command. --->
<cfset testString="This is a test & this is another <This text is in angle brackets>

Previous line was blank!!!">
<cfoutput>
<h3>The text without processing</h3>
#testString#<br>
<h3>Using HTMLCodeFormat</h3>
#HTMLCodeFormat(testString)#
<h3>Using HTMLEditFormat</h3>
#HTMLEditFormat(testString)#
</cfoutput>
```