encodeFor

Encodes a given string for safe output in the specified context. The encoding is meant to mitigate Cross-Site Scripting (XSS) attacks.

encodeFor(type, value) → returns string

This function requires Adobe ColdFusion 2016 and up. Not supported on Lucee, etc.

Argument Reference

type string
Required

The context of the encoding to perform.
Values:
  • css
  • dn
  • html
  • htmlattribute
  • javascript
  • ldap
  • url
  • xml
  • xmlattribute
  • xpath

value string
Required

The value to encode.

Examples
Sample code invoking the encodeFor function

Pass in a tag and HTML encode the result.

encodeFor("html","<br>")

Expected Result: &lt;br&gt;
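
The following is an added example, not part of the original documentation. It writes one untrusted value into four different output contexts and picks the encodeFor type that matches each one. The function name renderProfile, the variable names, the sample value and the /search.cfm path are hypothetical.

```cfml
<cfscript>
// Constructed sample value standing in for untrusted input (e.g. a form field).
// It contains characters that are significant in HTML, attributes, URLs and JavaScript.
untrusted = "O'Brien <b>""quoted""</b> & co";

// Hypothetical helper: each sink gets the encodeFor type that matches its context.
function renderProfile(required string name) {
    var out = "";

    // 1. HTML element content -> "html"
    out &= "<p>Hello, " & encodeFor("html", name) & "</p>";

    // 2. Quoted HTML attribute value -> "htmlattribute"
    out &= '<input type="text" name="q" value="'
        & encodeFor("htmlattribute", name) & '">';

    // 3. Query-string parameter -> "url" for the parameter value,
    //    then "htmlattribute" for the finished URL placed inside href
    var link = "/search.cfm?q=" & encodeFor("url", name);
    out &= '<a href="' & encodeFor("htmlattribute", link) & '">Search</a>';

    // 4. JavaScript string literal -> "javascript"
    out &= "<script>var displayName = '"
        & encodeFor("javascript", name) & "';</script>";

    return out;
}

writeOutput(renderProfile(untrusted));
</cfscript>
```

The type has to follow the sink, not the data: a value encoded with "html" and then placed inside a script block or a URL is not protected for that context.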
