HTMLEditFormat

Description

Replaces special characters in a string with their HTML-escaped equivalents.

Returns

HTML-escaped string string. Return characters are removed; line feed characters are preserved. Characters with special meanings in HTML are converted to HTML character entities such as >.

Category

Display and formatting functions

Function syntax

HTMLEditFormat(string [, version ])

See also

HTMLCodeFormat, cfapplication

Parameters

Parameter

Description

string

A string or a variable that contains one.

version

HTML version to use; currently ignored.

  • -1: The latest implementation of HTML

  • 2.0: HTML 2.0 (default)

  • 3.2: HTML 3.2

Usage

This function converts the following characters to HTML character entities:

Text character

Encoding

<

&lt;

>

&gt;

&

&amp;

&quot;

This function can be used to help protect ColdFusion pages that return user-provided data to the client browser from cross-site scripting attacks. However, the scriptprotect attribute of the cfapplication tag or the equivalent This.scriptProtect variable setting in Application.cfc can be preferable in most instances, because you only need to specify it once for an application.

This function typically increases the length of a string. This can cause unpredictable results when performing certain string functions (Left, Right, and Mid, for example) against the expanded string.

The only difference between this function and HTMLCodeFormat is that HTMLCodeFormat surrounds the text in an HTML pre tag.

Example

<!--- This example shows the effects of HTMLCodeFormat and  
HTMLEditFormat. View it in your browser, then View it 
using your browser's the View Source command. ---> 
<cfset testString="This is a test 
& this is another  
<This text is in angle brackets> 
 
Previous line was blank!!!"> 
 
<cfoutput> 
<h3>The text without processing</h3> 
#testString#<br> 
<h3>Using HTMLCodeFormat</h3> 
#HTMLCodeFormat(testString)# 
<h3>Using HTMLEditFormat</h3> 
#HTMLEditFormat(testString)# 
</cfoutput>