isSafeHTML

Last update: May 18, 2026

This function validates input against the allowed HTML rules specified in the AntiSamy policy file. Use it to prevent unwanted user-supplied HTML from being used in an application.

Returns

Returns false if the input violates the allowed HTML rules.

Syntax

IsSafeHTML(inputString [, policyFile])

Parameter

| Parameter | Description |
| --- | --- |
| inputString | Required. The string to be encoded. |
| policyFile | Optional. The file path of an AntiSamy policy file that specifies the HTML rules. If not specified, the policy file set at the application level is used, if there is one. Otherwise, the default policy file shipped with ColdFusion is used. |

Example

This example illustrates a sample component that sets the AntiSamy policy file.
<cfcomponent>
<cfset this.security.antisamypolicy = "antisamy.xml">
</cfcomponent>
The following example illustrates validation with isSafeHTML and getSafeHTML.
In this example, the input HTML is an img tag that references a GIF image (http://www.techsite.com/img.gif). The functions (isSafeHTML, getSafeHTML) process it against the rules specified in the AntiSamy policy file. isSafeHTML returns true if the input does not violate the allowed HTML rules.
<cfset inputHTML= "<img src='http://www.techsite.com/img.gif'/>">
<cfset isSafe = isSafeHTML(inputHTML)>
<cfset SafeHTML = getSafeHTML(inputHTML, "", true)>
<cfoutput>
is Safe : #isSafe#
Safe HTML : #SafeHTML#
</cfoutput>
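The following is an added example, not part of the original page or Adobe's sample code. It shows isSafeHTML used as a server-side gate on user-supplied HTML, with the policy-file fallback described in the parameter table. The function name checkUserHTML, the log file name htmlvalidation and the sample inputs are assumptions made for illustration.

```cfml
<cfscript>
// Added example. checkUserHTML is a hypothetical helper, not a ColdFusion built-in.
// Returns true when the input passes the AntiSamy policy, false otherwise.
function checkUserHTML(required string html, string policyFile = "") {
    // Pass the policy file only when the caller supplies one. Without it,
    // isSafeHTML uses the application-level policy or the shipped default.
    var ok = len(arguments.policyFile)
        ? isSafeHTML(arguments.html, arguments.policyFile)
        : isSafeHTML(arguments.html);

    if (!ok) {
        // Record the rejection for later review. The length is logged rather
        // than the raw markup so the log cannot itself carry active content.
        writeLog(
            text = "Rejected user HTML, length " & len(arguments.html),
            type = "warning",
            file = "htmlvalidation"
        );
    }
    return ok;
}

// Constructed sample inputs, as they might arrive from a comment form.
samples = [
    "<b>Nice post</b>",
    "<img src='http://www.techsite.com/img.gif'/>",
    "<script>alert(1)</script>",
    "<a href='javascript:alert(1)'>link</a>"
];

for (s in samples) {
    // Compute the verdict first, then encode the sample before echoing it,
    // so the test page never renders untrusted markup, whatever the verdict.
    verdict = checkUserHTML(s);
    writeOutput("<p>" & encodeForHTML(s) & " : " & verdict & "</p>");
}
</cfscript>
```

The verdict for each sample depends on the policy file in effect, so run it against the policy your application actually uses.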
