encodeFor

Encodes a given string for safe output in the specified context. The encoding is meant to mitigate Cross Site Scripting (XSS) attacks.

encodeFor(type, value) → returns string

This function requires Adobe ColdFusion 2016 and up. Not supported on Lucee, OpenBD, etc.

encodeFor Argument Reference

type string
Required

The context of the encoding to perform.
Values:
  • css
  • dn
  • html
  • htmlattribute
  • javascript
  • ldap
  • url
  • xml
  • xmlattribute
  • xpath

value string
Required

The value to encode.

Examples sample code invoking the encodeFor function

Pass in a tag and HTML encode the result.

encodeFor("html","<br>")

Expected Result: &lt;br&gt;


Fork me on GitHub