EncodeForHTML

Encodes the input string for safe output in the body of a HTML tag.

The encoding in meant to mitigate Cross Site Scripting (XSS) attacks. This function can provide more protection from XSS than the HTMLEditFormat or XMLFormat functions do.

Method Signature

EncodeForHTML(string=[string], canonicalize=[boolean])

Arguments

Examples

Escapes the HTML characters

Run Example

htmlEditFormat( "This is a test & this is another <This text is in angle brackets> Previous line was blank!!!" );

Result: This is a test & this is another <This text is in angle brackets> Previous line was blank!!!

Additional Examples

Run Example

testString = "Hello !!!
<This text is inside of angle brackets>
This text is outside of angle brackets !!!";
writeoutput( testString );
writeoutput( "<h5>HTMLEditFormat</h5>" & HTMLEditFormat( testString ) );

Related

• ApplicationRestart

• ApplicationStartTime

• ApplicationStop

• BoxAnnounce

• BoxAnnounceAsync

• BoxModuleReload

• BoxRegisterInterceptionPoints

• BoxRegisterInterceptor

• BoxRegisterRequestInterceptor

• BoxUnregisterInterceptor

• BoxUnregisterRequestInterceptor

• CallStackGet

• CreateGUID

• CreateObject

• CreateUUID

• DE

• DebugBoxContexts

• Dump

• Duplicate

• echo

• GetApplicationMetadata

• GetBaseTagData

• GetBaseTagList

• GetBaseTemplatePath

• GetBoxContext

• GetBoxRuntime

• GetBoxVersionInfo

• GetClassMetadata

• GetComponentList

• GetContextRoot

• GetCurrentTemplatePath

• GetFileFromPath

• GetFunctionCalledName

• GetFunctionList

• GetModuleInfo

• GetModuleList

• GetRequestClassLoader

• GetSemver

• GetSystemSetting

• GetTempDirectory

• GetTickCount

• htmlEditFormat

• IIF

• Invoke

• IsInstanceOf

• JavaCast

• ObjectDeserialize

• ObjectSerialize

• PagePoolClear

• Print

• Println

• RunThreadInContext

• SessionInvalidate

• SessionRotate

• SessionStartTime

• Sleep

• SystemCacheClear

• SystemExecute

• SystemOutput

• Throw

• Trace

• URLDecode

• URLEncodedFormat

• writeDump

• WriteLog

• WriteOutput