encodeForHTMLAttribute

Encodes the input string for safe output in the attribute value of an HTML attribute, such as table width or image height. The encoding is meant to mitigate Cross Site Scripting (XSS) attacks.

encodeForHTMLAttribute(string [, canonicalize]) → returns string

  1. CFDocs
  2. Functions
  3. ColdFusion 10 New Functions and Tags
  4. encodeForHTMLAttribute
  5. CF10+
  6. Lucee4.5+
  7. BoxLang 1.0.0+
  8. 0 Issue
  9. Edit
See Also:   htmleditformat   encodeforhtml   Canonicalize

Argument Reference

string string
Required

A string to encode.

canonicalize boolean
Default: false

If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. The default value for canonicalize is false.
When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed.
To use any other combinations you should canonicalize using canonicalize method and then do encoding.

Compatibility

BoxLang:

Version 1.0.0+ Requires the bx-esapi module.

Links more information about encodeForHTMLAttribute

Examples
Sample code invoking the encodeForHTMLAttribute function

Shows how and where encodeForHTMLAttribute would be used.

<cfoutput><div title="#encodeForHTMLAttribute("<test>")#"></cfoutput>

Expected Result: <div title="&lt;test&gt;">

Signup for cfbreak to stay updated on the latest news from the ColdFusion / CFML community. One email, every friday.

Fork me on GitHub