Hi folks,

It looks to me that in CF9, HTMLEditFormat no longer escapes text that's 
already escaped. In other words, all these lines except the first one produce 
identical results inside cfoutput (except for the line number, and assuming 
this code makes it ok through email):
1 & " < >
2 &amp; &quot; &lt; &gt;
3 #HTMLEditFormat('& " < >')#
4 #HTMLEditFormat('&amp; &quot; &lt; &gt;')#
5 #HTMLEditFormat(HTMLEditFormat('& " < >'))#
6 #HTMLEditFormat(HTMLEditFormat(HTMLEditFormat('& " < >')))#
7 #HTMLEditFormat(HTMLEditFormat(HTMLEditFormat(HTMLEditFormat('& " < >'))))#

I've tested this on two different machines, both win7, one 32-bit and one 64, 
identical results. I've captured the output to a file and looked at it in an 
editor to make sure it's not a browser hallucination (but I know it's not 
anyway because a home-grown alternative works as expected).

This is very very bad in some contexts, for instance display or editing of 
html/cfml code, where it's essential that whatever the original is, what goes 
to the browser needs to be escaped one more level. I've been using 
HTMLEditFormat for this for years, and now it appears to be broken.

Of course I can write a replacement easily, just trying to understand what's 
going on, and if I'm seeing what I think I am, eventually figure out if Adobe 
considers it an improvement, or a bug that'll eventually get fixed.

Is anyone else seeing this? Any ideas? Any place else I ought to be asking? 
(Doesn't seem like a real Stack Overflow question, for instance.)

Thanks,
Dave 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336288
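
Added example, not part of the original post and not Adobe's code: a Python model of the two behaviours described in the message, showing why display or editing of stored HTML/CFML needs an escape that always adds exactly one level. `entity_preserving_escape` is an assumed model of the reported CF9 output, `html.unescape` stands in for the browser's decoding, and all function names and sample strings are constructed here.

```python
import html
import re

# The four entities from the post; the modelled CF9 behaviour leaves them alone.
_ENTITY = re.compile(r"&(?:amp|quot|lt|gt);")


def strict_escape(text):
    """Always escape one more level: every & " < > is replaced."""
    # '&' goes first so the entities produced afterwards are not re-escaped.
    return (text.replace("&", "&amp;").replace('"', "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;"))


def entity_preserving_escape(text):
    """Assumed model of the behaviour reported in the post:
    text that is already an entity passes through untouched."""
    out, pos = [], 0
    for m in _ENTITY.finditer(text):
        out.append(strict_escape(text[pos:m.start()]))  # escape the gap
        out.append(m.group(0))                          # keep the entity
        pos = m.end()
    out.append(strict_escape(text[pos:]))
    return "".join(out)


def browser_view(markup):
    """What a reader sees for escaped text: exactly one level decoded."""
    return html.unescape(markup)


def round_trips(escape, source):
    """True if the reader sees exactly the source that was stored."""
    return browser_view(escape(source)) == source


# Constructed samples: raw characters, already-escaped text, and a
# stored snippet of HTML source that itself contains entities.
SAMPLES = ['& " < >',
           '&amp; &quot; &lt; &gt;',
           '<p>Use &lt;b&gt; for bold</p>']

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s),
              "strict:", round_trips(strict_escape, s),
              "entity-preserving:", round_trips(entity_preserving_escape, s))
```

With the entity-preserving model, the third sample reaches the reader as `<p>Use <b> for bold</p>`, so an edit form would save back different source than was stored.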