form variables and double quotes
I am populating form variables from a database. If the field value has a double quote in it, such as 3" for 3 inches, then the html source looks like the following:
<input name="width" value="3"">
Q: How do I handle fields that contain double quotes?
I first thought it was a cfqueryparam problem, but it turns out it's an html problem.
Use HtmlEditFormat when displaying the value, like this:
<input name="width" value="#HtmlEditFormat(Form.Width)#" />
There is also XmlFormat for XML output, JsStringFormat for JavaScript output, and UrlEncodedFormat for URL content.
For more complete/heavyweight stuff, you could consider OWASP's ESAPI - a Java Security API which can be used from CF and provides the following:
Context          Method
---------------  --------------------------------------
HTML             esapi.encodeForHTML(variable)
HTML Attribute   esapi.encodeForHTMLAttribute(variable)
JavaScript       esapi.encodeForJavaScript(variable)
CSS              esapi.encodeForCSS(variable)
URL              esapi.encodeForURL(variable)
(from Pete Freitag's cfunited presentation slides)
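A side-by-side of the raw, HtmlEditFormat and ESAPI output for the 3" value, as an added example that is not part of the original answer; it assumes ColdFusion 8 or later and, for the ESAPI lines, that the OWASP ESAPI jar is on the server's classpath (org.owasp.esapi.ESAPI is the assumed entry point).

```cfml
<cfoutput>
<!--- Constructed sample value standing in for the database field: 3 inches --->
<cfset width = '3"'>

<!--- Unsafe: the raw quote closes the attribute early.
      Renders as:  <input name="width" value="3"">  --->
<input name="width" value="#width#" />

<!--- Safe for a double-quoted attribute: HtmlEditFormat turns < > & " into entities.
      Renders as:  <input name="width" value="3&quot;" />  --->
<input name="width" value="#HtmlEditFormat(width)#" />

<!--- Caveat: HtmlEditFormat leaves the single quote alone, so a single-quoted
      attribute is still broken by a value such as 3' (3 feet). --->
<cfset height = "3'">
<input name="height" value='#HtmlEditFormat(height)#' />  <!--- still unsafe --->

<!--- ESAPI's attribute encoder escapes every non-alphanumeric character, so the
      result is safe whichever quote style the attribute uses.
      Assumes the ESAPI jar is on the classpath. --->
<cfset encoder = createObject("java", "org.owasp.esapi.ESAPI").encoder()>
<input name="height" value='#encoder.encodeForHTMLAttribute(height)#' />

<!--- Quick self-check of both encoders on the problem values --->
<cfif HtmlEditFormat(width) NEQ '3&quot;'>
    <cfthrow message="HtmlEditFormat did not escape the double quote">
</cfif>
<cfif encoder.encodeForHTMLAttribute(height) EQ height>
    <cfthrow message="ESAPI did not escape the single quote">
</cfif>
</cfoutput>
```

Pick the encoder for the context the value lands in: HtmlEditFormat is enough for a double-quoted attribute, while ESAPI's encodeForHTMLAttribute also covers single-quoted and unquoted attributes.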
I think it's probably the browser; you need to encode the quote using &quot; in your HTML, then it should pass properly.