Hi folks, It looks to me that in CF9, HTMLEditFormat no longer escapes text that's already escaped. In other words, all these lines except the first one produce identical results inside cfoutput (except for the line number, and assuming this code makes it ok through email): 1 & " < > 2 & " < > 3 #HTMLEditFormat('& " < >')# 4 #HTMLEditFormat('& " < >')# 4 #HTMLEditFormat(HTMLEditFormat('& " < >'))# 6 #HTMLEditFormat(HTMLEditFormat(HTMLEditFormat('& " < >')))# 7 #HTMLEditFormat(HTMLEditFormat(HTMLEditFormat(HTMLEditFormat('& " < >'))))#
I've tested this on two different machines, both win7, one 32-bit and one 64, identical results. I've captured the output to a file and looked at it in an editor to make sure it's not a browser hallucination (but I know it's not anyway because a home-grown alternative works as expected). This is very very bad in some contexts, for instance display or editing of html/cfml code, where it's essential that whatever the original is, what goes to the browser needs to be escaped one more level. I've been using HTMLEditFormat for this for years, and now it appears to be broken. Of course I can write a replacement easily, just trying to understand what's going on, and if I'm seeing what I think I am, eventually figure out if Adobe considers it an improvement, or a bug that'll eventually get fixed. Is anyone else seeing this? Any ideas? Any place else I ought to be asking? (Doesn't seem like a real Stack Overflow question, for instance.) Thanks, Dave ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336288 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm