Encodes the input string for safe output in the body of an HTML tag.

The encoding is meant to mitigate Cross Site Scripting (XSS) attacks. This function can provide more protection from XSS than the HTMLEditFormat or XMLFormat functions do.

`EncodeForHTML(string=[string], canonicalize=[boolean])`

Argument | Type | Required | Description | Default |
---|---|---|---|---|
string | string | true | The string to encode. | |
canonicalize | boolean | true | If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. | false |
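
An added usage example (not taken from the BoxLang documentation): untrusted values are encoded at the point they are written into an HTML body, once with the default and once with `canonicalize=true`. The `renderComments` helper, its `decodeFirst` parameter and the sample comments are constructed for illustration.

```boxlang
// Constructed sample input: values as they might arrive from a form post.
comments = [
    "Nice article, thanks!",
    "<script>alert( document.cookie )</script>",
    "Tom & Jerry <3",
    "%3Cb%3Ebold%3C/b%3E"   // markup hidden behind percent-encoding
];

// Hypothetical helper: builds an HTML list and encodes every value
// right where it is placed between tags (HTML body context only).
function renderComments( required array items, boolean decodeFirst = false ) {
    var html = "<ul>";
    for ( var item in items ) {
        html &= "<li>" & encodeForHTML( string = item, canonicalize = decodeFirst ) & "</li>";
    }
    return html & "</ul>";
}

// Default (canonicalize=false): each string is encoded exactly as given,
// so the <script> tag is emitted as entities and displayed as text.
writeOutput( renderComments( comments ) );

// canonicalize=true: per the argument description, canonicalization runs
// before encoding, so the percent-encoded value is handled in its decoded form.
writeOutput( renderComments( comments, true ) );
```

The encoded output is only suitable between tags; a value placed in an attribute, URL or script block needs the encoder for that context.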