Bryan, For clarification, how are the comments content being evaluated by CF and causing it to choke? It seems to me that those should be handled as strings and that they wouldnt be evaluated by CF, unless they are wrapped in an eval(). If the whole string from a user comment is being evaluated, that seems like a possible security issue. Since youre dealing with a pipe-delimited list, can you migrate them to a variable-safe array with listToArray(mypipelist,|,true) and process them that way?
It seems to me that a regex replacement of &#([^;]*); with #chr(\1)# should allow for the characters to be rendered correctly and then re-run the replacement to double # the remaining pound symbols - even if CF is evaluating them. Jon On Feb 7, 2014, at 12:36 PM, Bryan Stevenson <br...@electricedgesystems.com> wrote: > > Thanks Rob/Russ....starting to think I will either do as you both > suggested and replace # with ## in the AIR app or do as I also mentioned > and not allow the few characters I'd have issues with (most users don't > need ~,|,^, or # in comments....# being the most likely, but they can > use "No." or "Num" or "Number" or "pounds" or "lbs" as acceptable > replacements). > > Sometimes you just have to back away one step from perfect and become > practical ;-) > > Cheers > > *Bryan Stevenson*B.Comm. > President & CEO > Electric Edge Systems Group Inc. - makers of FACTS^(TM) > phone: 250.480.0642 > cell: 250.920.8830 > e-mail: br...@electricedgesystems.com <mailto:br...@electricedgesystems.com> > web: www.electricedgesystems.com <http://www.electricedgesystems.com> > and www.fisheryfacts.com <http://www.fisheryfacts.com> > > ------------------------------------------------------------------------ > > Please consider the environment before printing this e-mail > > -----CONFIDENTIALITY------ > This message, including any attachments, is confidential and may contain > information that is privileged or exempt from disclosure. It is intended > only for the person to whom it is addressed unless expressly authorized > otherwise by the sender. If you are not an authorized recipient, please > notify the sender immediately and permanently destroy all copies of this > message and attachments. > On 14-02-07 09:28 AM, Rob Parkhill wrote: >> I thought the #'s were inside the list. If not and you control the AIR >> app, then just add the replace on the other end, as Russ suggested. >> >> >> On Fri, Feb 7, 2014 at 12:20 PM, Bryan Stevenson < >> br...@electricedgesystems.com> wrote: >> >>> Thanks Rob....sorry I should have mentioned that was the first thing I >>> tried (ye old double up the #), but the issue seems to be that when a >>> variable arrives on CF's door with a single # in it, CF bombs when >>> attempting to run the replace. Now I did say "seems"....the way my day >>> has gone....I will re-test that to make dang sure ;-) >>> >>> Cheers >>> >>> On 14-02-07 09:08 AM, Rob Parkhill wrote: >>>> Run a Replace on the string of data, and change the single # to a double >>> ## >>>> that then CF would process as a single one? >>> >>> >>> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357623 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
