Function Description
Canonicalize Canonicalization is the process of reducing an encoded string down to its simplest form.
Decrypt Decrypts a string that is encrypted with the Encrypt function.
DecodeForHTML Decodes an HTML encoded string.
DecodeFromURL Decodes an encoded HTML URL string.
EncodeForCSS Encodes the input string for use in CSS.
EncodeForDN Encodes the input string for safe output in LDAP Distinguished Names.
EncodeForHTML Encodes the input string for safe output in the body of an HTML tag.
EncodeForHTMLAttribute Encodes the input string for safe output in the attribute value of an HTML tag.
EncodeForJavaScript Encodes the input string for use in JavaScript.
EncodeForLDAP Encodes the input string for safe output in LDAP queries.
EncodeForURL Encodes the input string for use in URLs.
EncodeForXML Encodes the input string for use in an XML.
EncodeForXMLAttribute Encodes a string that can be used as an XML attribute.
EncodeForXPath Returns an encoded string for using with XPath.
DecryptBinary Decrypts encrypted binary data with the specified key, value, algorithm, salt, and iterations.
Encrypt Encrypts a string.
EncryptBinary Encrypts binary data using a specific algorithm and encoding method.
GeneratePBKDFKey Generates a Password-Based Key-Derivation Function (PBKDF) key.
GenerateSecretKey Generates a secure random key value for use in the encrypt and decrypt functions.
GetAuthUser Gets the name of an authenticated user.
GetTempDirectory Gets the path of the directory that CFML uses for temporary files. 
GetTempFile Creates a temporary file in a directory whose name starts with
(at most) the first three characters of prefix.
GetUserRoles Retrieves the list of roles for the current user.
GetSafeHTML Sanitizes the given input string based on the the rules specified in an antisamy policy file. 
Hash Converts a string into a fixed length hexadecimal string.
Hmac Creates a keyed-hash message authentication code (HMAC), which can be used to verify authenticity and integrity of a message by two parties that share the key.
IsUserInAnyRole Determines whether an authenticated user belongs to any role in a list of roles.
IsUserInRole Determines whether an authenticated user belongs to the
specified role.
IsUserLoggedIn Determines whether a user is logged in.
isSafeHTML This function validates for allowed HTML according to the rules specified in the antisamy policy file.
SessionInvalidate Clears session scope and makes the current session identifiers no longer valid.
SessionRotate Creates a new session (using new session ids) and copies session scope into this new session, then invalidates the old session.
VerifyClient Verifies whether a request is from a valid client.