HTML
Functions
- DecodeForHtml()
Decodes the given encoded string.
- EncodeForHTML()
Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
- EncodeForHTMLAttribute()
Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
- ESAPIEncode()
Deprecated legacy function. Use context-specific functions (e.g., encodeForHTML) instead.
- GuardEncode()
Deprecated legacy function. Use context-specific functions (e.g., encodeForHTML) instead. Encodes data for a specific output context. This is a vital defense against Cross-Site Scripting (XSS) and injection attacks by ensuring characters are treated as data rather than executable code.
- HTMLCodeFormat()
Replaces special characters in a string with their HTML-escaped equivalents and inserts and tags at the beginning and end of the string. [version] HTML version to use. currently ignored. -1: The latest implementation of HTML 2.0: HTML 2.0 (Default) 3.2: HTML 3.2
- HTMLEditFormat()
Replaces special characters in a string with their HTML-escaped equivalents. [version] HTML version to use. currently ignored. -1: The latest implementation of HTML 2.0: HTML 2.0 (Default) 3.2: HTML 3.2 4.0: HTML 4.0
- HtmlParse()
parse the given html (not only xhtml) as xml Object, work similar to xmlParse, but this function is very forgiving with the syntax..
- ParagraphFormat()
Formats the carriage returns in a string to a HTML alternatives
- SanitizeHtml()
Sanitizes unsafe HTML input and removes elements and attributes like JavaScript, onclick, etc. See also https://github.com/OWASP/java-html-sanitizer
Tags
- <cfcol>
Defines table column header, width, alignment, and text. Used only inside a cftable.
- <cfhtmlbody>
Writes the text specified in the text attribute to the 'body' section of a generated HTML page. The cfhtmlbody tag can be useful for embedding JavaScript code, or placing other HTML tags that should go at the bottom of the page just before the closing body tag.
- <cfhtmlhead>
Writes the text specified in the text attribute to the 'head' section of a generated HTML page. The cfhtmlhead tag can be useful for embedding JavaScript code, or placing other HTML tags such, as META, LINK, TITLE, or BASE in an HTML page header.
Methods
- string.decodeForHTML()
Decodes the given encoded string.
- string.encodeForHTML()
Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
- string.encodeForHTMLAttribute()
Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
- string.paragraphFormat()
Formats the carriage returns in a string to a HTML alternatives
- string.sanitizeHTML()
Sanitizes unsafe HTML input and removes elements and attributes like JavaScript, onclick, etc. See also https://github.com/OWASP/java-html-sanitizer