Won't the function you mention solve the problem you are describing?
Well, first, that's not ASCII encoding, that's HTML Entity Encoding.
Second, no. There is not a built-in function for decoding HTML entities. The purpose of the function is to use it when displaying output to the screen, not to use it before storing data for later use.
Obviously that doesn't help since you already have a system that encodes before putting data into the DB. So you need a way to decode it.
If you are using CF8 or CF9, with all of the security hotfixes installed, or you are using CF10, then you'll have ESAPI available to you via Java integration. ESAPI is a security tool from OWASP with built-in encoders and decoders. You can use those. Here is how.
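<cfset string = "<hi>" />
<!--- Build an ESAPI encoder that uses only the HTML entity codec --->
<cfset list = createObject("java", "java.util.ArrayList") />
<cfset htmlCodec = createObject("java", "org.owasp.esapi.codecs.HTMLEntityCodec") />
<cfset list.add(htmlCodec) />
<cfset encoder = createObject("java", "org.owasp.esapi.reference.DefaultEncoder").init(list) />
<!--- Round trip: encode the string to HTML entities, then decode it back --->
<cfset encoded = encoder.encodeForHTML(string) />
<cfset decoded = encoder.decodeForHTML(encoded) />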
Hope that helps.
@Dan: Unfortunately, no, as URLDecoder is primarily for reverting URL Encoded text (the equivalent of < in URL Encoded text is "%3c", not "&lt;".)
@12Robots: Brilliant! I'll give that a shot and report back. Thanks, again!
DRAT!! I'm getting an error message:
Class not found. org.owasp.esapi.codecs.HTMLEntityCodec
Granted, this is on my personal CF Server, which is 9.0.1 (pre-June 1, 2012), but I don't know if the settings are any different on the dev or production servers.
Just in case I can convince my boss to make sure the settings are available in dev/production, how would I fix the issue?
Alllllllllllllllllrighty, then. I downloaded and installed the two security hotfixes for CF9.0.1. The first one, by itself, did not fix the issue; but applying the second hotfix worked. I am now not seeing the error message regarding the missing class. AND, it appears to be doing exactly as 12Robots stated. Awesome!
Thank you, again, 12Robots!
Yeah, that's why I said you needed all of the security updates. ESAPI didn't come with CF9 by default. It showed up in Security HotFix 2.
You could have added the file manually by downloading the ESAPI jar, but doing it this way is better.
Glad it worked out.
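An added example, not code from the thread: it wraps the encoder setup shown above so a server without the ESAPI classes (the "Class not found" case) is detected instead of failing the request, then decodes a stored value and encodes it only at output. The function name `getHtmlDecoder`, the variable names, the log file name and the sample string are hypothetical.

```cfml
<cfscript>
// Hypothetical helper (not from the thread): returns a struct with
// available=true and an ESAPI encoder, or available=false and the error
// message when the ESAPI classes are not on the server's classpath.
function getHtmlDecoder() {
    var result = structNew();
    var codecs = "";
    result.available = false;
    result.message = "";
    try {
        codecs = createObject("java", "java.util.ArrayList");
        codecs.add(createObject("java", "org.owasp.esapi.codecs.HTMLEntityCodec"));
        result.encoder = createObject("java", "org.owasp.esapi.reference.DefaultEncoder").init(codecs);
        result.available = true;
    } catch (any e) {
        // On an unpatched CF9 server this is where "Class not found" lands
        result.message = e.message;
    }
    return result;
}
</cfscript>

<!--- Constructed sample of a value that was entity-encoded before storage --->
<cfset stored = "&lt;hi&gt; Tom &amp; Jerry" />
<cfset decoder = getHtmlDecoder() />

<cfif decoder.available>
    <!--- Recover the raw text; this is the form to keep in the database --->
    <cfset raw = decoder.encoder.decodeForHTML(stored) />
    <!--- Encode only at the point of display --->
    <cfoutput>#htmlEditFormat(raw)#</cfoutput>
<cfelse>
    <!--- ESAPI missing: record why and leave the stored value untouched --->
    <cflog file="esapi-check" type="warning" text="ESAPI unavailable: #decoder.message#" />
</cfif>
```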