
isSafeHTML


This function validates input against the allowed HTML rules specified in the AntiSamy policy file. Use it to prevent unwanted user-supplied HTML from being used in an application.

Returns

Returns false if the input violates the allowed HTML rules; otherwise returns true.

Syntax

IsSafeHTML(inputString [, policyFile])

Parameters

Parameter | Description
--- | ---
inputString | Required. The string to be validated against the allowed HTML rules.
policyFile | Optional. The file path of an AntiSamy policy file that specifies the HTML rules. If not specified, the policy can be set at the application level; otherwise the default policy file shipped with ColdFusion is used.

Example

This example shows an Application.cfc component that sets the AntiSamy policy file at the application level, so the policyFile argument can be omitted from later calls.

<cfcomponent>
<cfset this.security.antisamypolicy = "antisamy.xml">
</cfcomponent>

The following example illustrates isSafeHTML and getSafeHTML validation.

In this example, the input HTML is an img tag that references a GIF image (http://www.techsite.com/img.gif). isSafeHTML checks whether the input string violates the rules specified in the AntiSamy policy file and returns true if it does not; getSafeHTML returns the input with any disallowed HTML removed.

<cfset inputHTML = "<img src='http://www.techsite.com/img.gif'/>">
<!--- Validate against the policy; true means no rule was violated --->
<cfset isSafe = isSafeHTML(inputHTML)>
<!--- Empty policyFile uses the application or default policy; third argument is throwOnError --->
<cfset SafeHTML = getSafeHTML(inputHTML, "", true)>
<cfoutput>
is Safe : #isSafe#
Safe HTML : #SafeHTML#
</cfoutput>
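An added example (not from the original page) showing how the two functions combine when handling user-supplied HTML: the input is accepted as-is only if it passes the policy; otherwise the cleaned version returned by getSafeHTML is kept instead. It assumes the policy is set at the application level (so no policyFile is passed); the acceptUserHTML function and the sample inputs are constructed here.

```cfml
<cfscript>
// Added example, not part of the original page.
// Assumes this.security.antisamypolicy is set in Application.cfc,
// so the policyFile argument is left empty in both calls.
function acceptUserHTML(required string userHTML) {
    var result = { "accepted" = false, "html" = "", "changed" = false };
    if (isSafeHTML(arguments.userHTML)) {
        // No policy rule violated: the markup can be used unchanged.
        result.accepted = true;
        result.html = arguments.userHTML;
        return result;
    }
    // Policy violated: keep only what the policy allows.
    // throwOnError=false so a violation yields cleaned markup
    // instead of an exception.
    result.html = getSafeHTML(arguments.userHTML, "", false);
    result.changed = (result.html NEQ arguments.userHTML);
    return result;
}

// Constructed sample inputs: one plain formatting snippet and two
// snippets carrying markup a typical policy disallows.
samples = [
    "<b>Hello</b> <a href='http://www.techsite.com/'>link</a>",
    "<img src='http://www.techsite.com/img.gif' onerror='doSomething()'>",
    "<p>text</p><script>doSomething()</script>"
];
</cfscript>
<cfoutput>
<cfloop array="#samples#" index="s">
    <cfset r = acceptUserHTML(s)>
    <!--- encodeForHTML so the page shows the markup rather than rendering it --->
    accepted=#r.accepted# changed=#r.changed# html=#encodeForHTML(r.html)#<br>
</cfloop>
</cfoutput>
```

Which inputs are accepted depends entirely on the policy file in use; log the changed flag if you need visibility into how often user input is being rewritten.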
