https://forums.adobe.com/community/coldfusion/documentation?view=discussions Most recent forum messages en Thu, 23 May 2013 14:05:20 GMT Jive Engage 7.0.0.1 (http://jivesoftware.com/products/) 2013-05-23T14:05:20Z en https://forums.adobe.com/message/5346239?tstart=0#5346239 <!-- [DocumentBodyStart:d0e47f77-0233-4d55-87d4-d5a1bfb2d6c2] --><div class="jive-rendered-content"><p>Just FYI, I did some analysis here:</p><p>According to the docs for OWASP&#8217;s encodeForHtml(), this function ought to be escaping characters in these ranges: 00-08, 0B-0C, 0E-1F, and 7F-9F. However, obviously, there are no characters in those ranges in that input string.</p><p style="min-height: 8pt; padding: 0px;">&nbsp;</p><p>Now I can see what&#8217;s going on: a THORN is HTML character entity 222, which is DE in hex, so if one was to treat "%DE" as a percent-encoded hex charcter, then that&#8217;d be a thorn. However percent encoding has got nothing to do with HTML (it&#8217;s to do with URIs), so that interpretation seems irrelevant to me.&nbsp; What I do know is that in the context of HTML, "%device%" doesn&#8217;t need encoding to be "safe", so it shouldn&#8217;t be touched by this function.</p><p style="min-height: 8pt; padding: 0px;">&nbsp;</p><p>Not that this helps you, but it helps understand what's going on.</p><p style="min-height: 8pt; padding: 0px;">&nbsp;</p><p>I've voted for the bug.</p><p style="min-height: 8pt; padding: 0px;">&nbsp;</p><p>-- </p><p>Adam</p></div><!-- [DocumentBodyEnd:d0e47f77-0233-4d55-87d4-d5a1bfb2d6c2] --><img src='/beacon?t=1415921479326' /> Thu, 23 May 2013 14:05:20 GMT forums_noreply@adobe.com https://forums.adobe.com/message/5346239?tstart=0#5346239 2013-05-23T14:05:20Z 1 year 6 months ago 0 https://forums.adobe.com/message/5346186?tstart=0#5346186 <!-- [DocumentBodyStart:79bf5bea-f0bf-4646-9579-fddec5b3d8ee] --><div class="jive-rendered-content"><p>Alright, until I know more I'm sticking with the old HTMLEditFormat.&nbsp; In the mean time I've added Bug 3566150.</p></div><!-- [DocumentBodyEnd:79bf5bea-f0bf-4646-9579-fddec5b3d8ee] --> Thu, 23 May 2013 13:58:32 GMT forums_noreply@adobe.com https://forums.adobe.com/message/5346186?tstart=0#5346186 2013-05-23T13:58:32Z 1 year 6 months ago 1 0 https://forums.adobe.com/message/5344623?tstart=0#5344623 <!-- [DocumentBodyStart:a03c4c44-80ad-4126-ae11-6237cc25e6a2] --><div class="jive-rendered-content"><p>I see the same. I'd raise a bug if I was you. As for a work-around, not sure, given I don't see why it's messing with your string in the first place (it already seems safe to me?)</p><p style="min-height: 8pt; padding: 0px;">&nbsp;</p><p>-- </p><p>Adam</p></div><!-- [DocumentBodyEnd:a03c4c44-80ad-4126-ae11-6237cc25e6a2] --> Wed, 22 May 2013 22:33:35 GMT forums_noreply@adobe.com https://forums.adobe.com/message/5344623?tstart=0#5344623 2013-05-22T22:33:35Z 1 year 6 months ago 2 0 https://forums.adobe.com/message/5342762?tstart=0#5342762 <!-- [DocumentBodyStart:ba49d954-a444-4efb-901a-5d778347ee9a] --><div class="jive-rendered-content"><p>When I try "EncodeForHTML('%Device%')" I end up with "&#222;vice&amp;#x25;" which displays on the page as "&#222;vice%"&nbsp; Obviously this isn't what I intended.&nbsp; Is there a way to prevent this function from assuming the input string is encoded?</p></div><!-- [DocumentBodyEnd:ba49d954-a444-4efb-901a-5d778347ee9a] --> Wed, 22 May 2013 13:56:33 GMT forums_noreply@adobe.com https://forums.adobe.com/message/5342762?tstart=0#5342762 2013-05-22T13:56:33Z 1 year 6 months ago 3 0 https://forums.adobe.com/message/4408626?tstart=0#4408626 <!-- [DocumentBodyStart:744234cd-b129-4b59-a1b1-5e4172d1c90a] --><div class="jive-rendered-content"><p>Hi Adam,</p><p style="min-height: 8pt; padding: 0px;">&nbsp;</p><p>Thank you for your feedback. The docs have been pushed live for CF10 <span style="font-size: 10.0pt; font-family: 'Georgia','serif';"><a class="jive-link-external-small" href="http://www.adobe.com/support/coldfusion" rel="nofollow">http://www.adobe.com/support/coldfusion</a></span>. We will make the necessary changes during the next doc refresh cycle.</p><p style="min-height: 8pt; padding: 0px;">&nbsp;</p><p>Regards,</p><p>Suhas Yogin</p></div><!-- [DocumentBodyEnd:744234cd-b129-4b59-a1b1-5e4172d1c90a] --> Tue, 15 May 2012 12:41:48 GMT forums_noreply@adobe.com https://forums.adobe.com/message/4408626?tstart=0#4408626 2012-05-15T12:41:48Z 2 years 6 months ago 0 https://forums.adobe.com/message/4408634?tstart=0#4408634 <!-- [DocumentBodyStart:2184d113-8008-403e-b6a1-7d4c74483f40] --><div class="jive-rendered-content"><p><span>This page should cross-ref to the page for htmlEditFormat() (</span><a class="jive-link-external-small" href="http://help.adobe.com/en_US/ColdFusion/10.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7847.html" rel="nofollow">http://help.adobe.com/en_US/ColdFusion/10.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7 847.html</a><span>), as well as discuss the differences and merits of each; both in the context of intended usage and functionality.</span></p></div><!-- [DocumentBodyEnd:2184d113-8008-403e-b6a1-7d4c74483f40] --> Tue, 15 May 2012 12:32:39 GMT forums_noreply@adobe.com https://forums.adobe.com/message/4408634?tstart=0#4408634 2012-05-15T12:32:39Z 2 years 6 months ago 1 0 https://forums.adobe.com/message/4408573?tstart=0#4408573 <!-- [DocumentBodyStart:914bc1b3-0581-4b71-bdc1-09fa391122e9] --><div class="jive-rendered-content"><p><span>This question was posted in response to the following article: </span><a class="jive-link-external-small" href="http://help.adobe.com/en_US/ColdFusion/10.0/CFMLRef/WS932f2e4c7c04df8f-6f7941141353e2963af-7fff.html" rel="nofollow">http://help.adobe.com/en_US/ColdFusion/10.0/CFMLRef/WS932f2e4c7c04df8f-6f7941141353e2963af -7fff.html</a></p></div><!-- [DocumentBodyEnd:914bc1b3-0581-4b71-bdc1-09fa391122e9] --> Tue, 15 May 2012 12:32:39 GMT forums_noreply@adobe.com https://forums.adobe.com/message/4408573?tstart=0#4408573 2012-05-15T12:32:39Z 2 years 6 months ago 6 0