GetSafeHTML

Last update:

May 18, 2026

getSafeHTML() sanitizes the given input string based on the the rules specified in an antisamy policy file. This can be used to prevent unwanted user supplied HTML being used in an application.

Returns

Returns the sanitized input. If throwOnError is set to true, it returns an error. Otherwise, it returns an empty string.

Syntax

GetSafeHTML(string [,policyFile, throwOnError])

History

ColdFusion 11: Added this function

Parameter

Parameter	Description
inputString	Required. The string to be encoded.
policyFile	Optional. File path for antisamy policy file which specifies HTML rules. In case if not specified, there is a provision to set this at application level. Else the default policy file shipped with ColdFusion will be used.
throwOnError	Optional. If set to true, exception is thrown.

Example

The following example illustrates a sample Antisamy component:

<cfcomponent>

<cfset this.security.antisamypolicy = "antisamy.xml">

</cfcomponent>

The following example illustrates isSafeHTML and getSafeHTML validation.

In the example, the input HTML file is a GIF image. On processing it through the functions (isSafeHTML, getSafeHTML), checks if the given input string violates the rules specified in antiSamy policy file and returns true if the input does not violate the allowed HTML rules.

<cfset isSafe = isSafeHTML(inputHTML)>

<cfset SafeHTML = getSafeHTML(inputHTML, "", true)>

<cfoutput> is Safe : #isSafe# Safe HTML : #SafeHTML# </cfoutput>

Note:

maxInputsize directive of antisamy specifies the maximum size of user input before it gets validated. antisamy-basic.xml, which was shipped by ColdFusion 11, restricts the input to 5000 characters. If the input supplied to this function is greater than 5000, you get an error. However, you can change this limit according to your requirement. Removing this directive from the antisamy-basic.xml sets the default limit to 100,000.

Was this page helpful?

We're glad. Tell us how this page helped.

Found the answer to my problem Understood the instructions Liked the feature

Other suggestions

We're sorry. Can you tell us what didn't work for you?

Didn't find the answer to my problem Couldn't understand the instructions Didn't like the feature

Other suggestions

Thank you for your feedback. Your response will help improve this page.

Was this helpful?

We are sorry the content didn't meet your needs.

Share additional feedback to help us improve.

0/255 | Character limit exceeded.

Thank you so much for sharing your feedback!

GetSafeHTML

Returns

History

See Also

Parameter

Example

On this page