ASCII equivalent of CF's URLDecode?

Report · Aug 10, 2012

Hello, everyone.

Even though I've been working with CF for over a decade, this is going to sound like a total n00b question. I'm just drawing a blank, right now. Google isn't much help.

Is there an ASCII equivalent of URLDecode??

Where I work, everything that is inserted into a database goes through a filter that changes certain characters to their ASCII equivalent (ie, the less than "<" is altered to "<"). For displaying the data, I need to revert the < back to < for formatting (there are <br /> in place of line breaks, in the data.)

If not, I suppose I should check cflib to see if there is a UDF. Hmm..

Respectfully,

^_^

Report · Aug 10, 2012

Won't the function you mention solve the problem you are describing?

Report · Aug 10, 2012

Well, first, that's not ASCII encoding, that's HTML Entity Encoding.

Second, no. There is not a built-in function for decoding HTML entities. The purpose of the function is to use it when displaying output to the screen, not to use it before sotring data for later use.

Obviously that doesn't help since you already have a system that encodes before putting data into the DB. So you need a way to decode it.

If you are using CF8 or CF9, with all of the security hotfixes installed, or you are using CF10, then you'll have ESAPI available to you via Java integration. ESAPI is a security tool from OWASP with built-in encoders and decoders. You can use those. Here is how.

#string#

<br />

#encoder.decodeForHTML(string)#

</cfoutput>

Hope that helps.

Report · Aug 10, 2012

@Dan: Unfortunately, no, as URLDecoder is primarily for reverting URL Encoded text (the equivalent of < in URL Encoded text is "%3c", not "<".)

@12Robots: Brilliant! I'll give that a shot and report back. Thanks, again!

^_^

Report · Aug 10, 2012

DRAT!! I'm getting an error message:

Class not found. org.owasp.esapi.codecs.HTMLEntityCodec

Granted, this is on my personal CF Server, which is 9.0.1 (pre-June 1, 2012), but I don't know if the settings are any different on the dev or production servers.

Just in case I can convince my boss to make sure the settings are available in dev/production, how would I fix the issue?

Thanks,

^_^

Report · Aug 10, 2012

Alllllllllllllllllrighty, then. I downloaded and installed the two security hotfixes for CF9.0.1. The first one, by itself, did not fix the issue; but applying the second hotfix worked. I am now not seeing the error message regarding the missing class. AND, it appears to be doing exactly as 12Robots stated. Awesome!

Thank you, again, 12Robots!

^_^

Report · Aug 10, 2012

Yeah, that's why I said you needed all of the security updates. ESAPI didn't come with CF9 by default. It showed up in Security HotFix 2.

You could have added the file manually by downloading the ESAPI jar, but doign it this way is better.

Glad it worked out.

Jason

Adobe Community

ASCII equivalent of CF's URLDecode?

1 Correct answer