User Guide
HTMLEditFormat
Description
Replaces special characters in a string with their HTML-escaped equivalents.
Returns
HTML-escaped string. Return characters are removed; line feed characters are preserved.
Characters with special meanings in HTML are converted to HTML character entities such as &gt;.
Category
Display and formatting functions
Function syntax
HTMLEditFormat(string [, version ])
See also
HTMLCodeFormat, cfapplication
Parameters
Parameter    Description
string       A string or a variable that contains one.
version      HTML version to use; currently ignored.
             • -1: The latest implementation of HTML
             • 2.0: HTML 2.0 (Default)
             • 3.2: HTML 3.2
Usage
This function converts the following characters to HTML character entities:
Text character    Encoding
<                 &lt;
>                 &gt;
&                 &amp;
"                 &quot;
This function can be used to help protect ColdFusion pages that return user-provided data to the
client browser from cross-site scripting attacks. However, the scriptprotect attribute of the
cfapplication tag or the equivalent This.scriptProtect variable setting in Application.cfc can be
preferable in most instances, because you only need to specify it once for an application.
This function typically increases the length of a string. This can cause unpredictable results when
performing certain string functions (Left, Right, and Mid, for example) against the expanded
string.
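The following CFML is an added example, not part of the original page. It escapes user-provided text at the point of output and shows why Left should be applied before HTMLEditFormat rather than to the expanded string. The sample text and the variable names (comment, previewLen and so on) are constructed for illustration.

```cfml
<!--- Added example. Constructed sample standing in for user-provided data. --->
<cfset comment = '<b>R&D</b> said "ship it"'>
<cfset previewLen = 3>

<!--- Escape once, at the point where the value is written into HTML. --->
<cfset escaped = HTMLEditFormat(comment)>

<!--- Wrong order: the first entity in the escaped string is four characters
      long, so a three-character cut lands inside it and leaves a partial
      entity in the output. --->
<cfset brokenPreview = Left(escaped, previewLen)>

<!--- Right order: truncate the raw text, then escape the result. --->
<cfset safePreview = HTMLEditFormat(Left(comment, previewLen))>

<cfoutput>
    <!--- Element content: the markup in the sample is displayed as text. --->
    <p>#escaped#</p>

    <!--- Attribute value: the function converts the double quotation mark
          but not the single one, so delimit the attribute with double
          quotation marks. --->
    <input type="text" name="comment" value="#escaped#">

    <!--- The escaped string is longer than the raw one, so lengths and
          offsets computed on one do not apply to the other. --->
    <p>Raw length: #Len(comment)#, escaped length: #Len(escaped)#</p>

    <p>Preview: #safePreview#</p>
</cfoutput>
```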