ESAPIEncode
Scattered throughout this section, and throughout the default theme that ships with Mura, you'll find references to a special method called esapiEncode. This method encodes a given string for safe output, to stop Cross-Site Scripting (XSS) attacks. You can safely use this method in Mura, even though it has not been fully implemented in all available CFML engines yet. We highly recommend you utilize this method where appropriate, for example when outputting text that has been entered into a textbox or textarea form field by an end user or content manager. Refer to the use cases in this section for detailed examples.
Function Syntax
esapiEncode( encodeFor, string )
Parameters
Parameter | Description |
---|---|
encodeFor (string, required) | encode for what, valid values are: |
string (string, required) | string to encode |
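
The encodeFor argument has to match the place where the value lands in the page. The following is an added example, not code from Mura or its documentation, that outputs the same form input in four different contexts. The field names and sample values are constructed, and the encodeFor values used (html, html_attr, javascript, url) are assumed from the encoders the CFML engines provide.

```cfml
<cfscript>
    // Constructed sample values standing in for text typed by an end user.
    param name="form.title"   default='Q&A: "safe" output <draft>';
    param name="form.summary" default='Notes: 5 < 6 & "quoted" </textarea>';
</cfscript>
<cfoutput>
<form method="post">
    <!--- Textbox: the value lands inside a quoted HTML attribute --->
    <input type="text" name="title" value="#esapiEncode('html_attr', form.title)#">

    <!--- Textarea: the value lands in element content --->
    <textarea name="summary">#esapiEncode('html', form.summary)#</textarea>

    <button type="submit">Save</button>
</form>

<!--- Page body: element content again, so the html encoder applies --->
<h2>#esapiEncode('html', form.title)#</h2>

<!--- Inline script: the value lands inside a JavaScript string literal --->
<script>
    var pageTitle = '#esapiEncode('javascript', form.title)#';
</script>

<!--- Link: the value lands in a query-string parameter --->
<a href="?keywords=#esapiEncode('url', form.title)#">Search for this title</a>
</cfoutput>
```

Using the html encoder inside the script block or the query string would leave characters that are significant in those contexts unescaped, which is why each output point names its own context.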