Encodes the input string for safe output in the body of a HTML tag. The encoding in meant to mitigate Cross Site Scripting (XSS) attacks. This function can provide more protection from XSS than the HTMLEditFormat or XMLFormat functions do.

encodeForHTML(string [, canonicalize]) → returns string

Argument Reference

string string

A string to encode

canonicalize boolean
Default: false

If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. The default value for canonicalize is false.
When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed.
To use any other combinations you should canonicalize using canonicalize method and then do encoding.

Links more information about encodeForHTML

Sample code invoking the encodeForHTML function

Pass in a tag and HTML encode the result.


Expected Result: &lt;test&gt;

Signup for cfbreak to stay updated on the latest news from the ColdFusion / CFML community. One email, every friday.

Fork me on GitHub