Your Rating: Results: PatheticBadOKGoodOutstanding! 2 rates

getSafeHTML() sanitizes the given input string based on the the rules specified in an antisamy policy file. This can be used to prevent unwanted user supplied HTML being used in an application.

Returns

Returns the sanitized input. If throwOnError is set to true, it returns an error. Otherwise, it returns an empty string.

Returns

ColdFusion 11: Added this function

See Also

isSafeHTML

Parameter

Parameter

Description

inputString

Required. The string to be encoded.

PolicyFile

Optional. File path for antisamy policy file which specifies HTML rules. In case if not specified, there is a provision to set this at application level. Else the default policy file shipped with ColdFusion will be used.

throwOnError

Optional. If set to true, exception is thrown.

Example

The following example illustrates a sample Antisamy component:

 

The following example illustrates isSafeHTML and getSafeHTML validation.

In the example, the input HTML file is a GIF image. On processing it through the functions (isSafeHTML, getSafeHTML), checks if the given input string violates the rules specified in antiSamy policy file and returns true if the input does not violate the allowed HTML rules.

 

 

Labels
  • None

Searching ColdFusion, English documentation