This function validates for allowed HTML according to the rules specified in the antisamy policy file. This can be used to prevent unwanted user supplied HTML being used in an application.


Returns false if the input violates the allowed HTML rules.





Required. The string to be encoded.


Optional. File path for antisamy policy file which specifies HTML rules. In case if not specified, there is a provision to set this at application level. Else the default policy file shipped with ColdFusion will be used.


This example illustrates a sample Antisamy component.

<cfset = "antisamy.xml">

The following example illustrates a isSafeHTML and getSafeHTML validation.

In the following example, the input HTML file is a GIF image ( On processing it through the functions (isSafeHTML, getSafeHTML) checks if the given input string violates the rules specified in the Antisamy policy file and returns true if the input does not violate the allowed HTML rules.

<cfset inputHTML= "<img src=''/>">
<cfset isSafe = isSafeHTML(inputHTML)>
<cfset SafeHTML = getSafeHTML(inputHTML, "", true)>
is Safe : #
Safe HTML : #

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy