escaping - Is there a difference with the HTMLEditFormat function in ColdFusion CF9 versus CF10? -

-

i'm seeing difference in how htmleditformat works in cf9 , cf10. 

htmleditformat(">")
  • in cf9: showing ">" (no difference)
  • in cf10: showing ">" (double-escaped, seems correct me)

i've looked through cf10 notes , reviewed htmleditformat documentation, cannot find mention of there being difference in how function works. know of difference, or know of documentation proves there no difference? ...or know of other settings (coldfusion or web server) might cause work different?

(this question not duplicate because not asking encodeforhtml. understand ideal solution, asking understand why htmleditformat might different in cf9 vs. cf10.)

i can't imagine why function behave differently. when it's planned deprecation going cf 10. chance, calling within cfinput tag?

<cfinput id="foo" value="#htmleditformat(somevalue)#" />

if so, in cf6 - cf9, tag uses htmleditformat() on values automatically. calling 2nd instance of htmleditformat() doesn't affect output. cf 10+ updated tag use encodeforhtml() on values. if throw in htmleditformat(), you're double-encoding output.

for better security, should stop using htmleditformat() , start using encodeforhtml() if it's available (cf10+). of coldfusion 11, htmleditformat() has been officially deprecated , coldfusion 12, function should removed completely.

htmleditformat() encodes 4 characters: <, >, &, ".

encodeforhtml() encodes every character, including utf-8 characters. updated "encodefor" functions contextual, have pick right on right context (html, htmlattribute, js, css, xml, etc.).


Comments

Post a Comment

Popular posts from this blog

c++ - OpenCV Error: Assertion failed <scn == 3 ::scn == 4> in unknown function, -

-
i read alot other solution still confused should mine... #include <opencv2/objdetect/objdetect.hpp> #include <opencv2/highgui/highgui.hpp> #include <opencv2/imgproc/imgproc.hpp> #include <iostream> #include <stdio.h> using namespace std; using namespace cv; int main(int argc, const char** argv) { //create cascade classifier object used face detection cascadeclassifier face_cascade; //use haarcascade_frontalface_alt.xml library face_cascade.load("haarcascade_frontalface_alt.xml"); //setup video capture device , link first capture device videocapture capturedevice; capturedevice.open(0); //setup image files used in capture process mat captureframe; mat grayscaleframe; //create window present results namedwindow("outputcapture", 1); //create loop capture , find faces while (true) { //capture new image frame capturedevice >> captureframe; ...
Read more

php - render data via PDO::FETCH_FUNC vs loop -

-
i've been using 2 methods render data. the first one: function name($id,$name){ return '<div id="'.$id.'">'.$name.'</div>'; } echo implode($pdo->query("select id,name user")->fetchall(pdo::fetch_func,'name')); the second one: $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); foreach($users $user){ echo name($user->id,$user->name); } i don't understand how pdo::fetch_func works. tried figure out. however, not well-documented. could please explain fetch mode? , also, 1 performs better? thank you. both methods wrong , have learn how use templates , how separate business logic presentation logic. $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); tpl::assign('users', $users); is code business logic part. then in template <?php foreach $users $row): ?> <div id="<?=$...
Read more

The canvas has been tainted by cross-origin data in chrome only -

-
uncaught securityerror: failed execute 'getimagedata' on 'canvasrenderingcontext2d': canvas has been tainted cross-origin data i getting above error in chrome. code(following) works fine in mozilla. have not corss domain issue. why above error in chrome? var wheel_canvas, wheel_context, can_w, can_h, wheel_grd; var large_radius = 160; var small_radius = 120; var wheel_canvas = document.getelementbyid('wheel_canvas'); var wheel_context = wheel_canvas.getcontext('2d'); var can_w = $(wheel_canvas).width(); var can_h = $(wheel_canvas).height(); var centerx = can_w / 2, centery = can_h / 2; var wheel_grd = null; test('#ff0000'); function test(hex) { $('#clrpicker').css({'left': 210, 'top': 210 }); inverted = hexbw(hex); $('#color_val_show').val(hex); current_color_hex_val_selected = hex; $('#color_val_show').css({'color':inverted,'background':hex}); fillgradient...
Read more