Right now, strings passed to HtmlEditFormat() that already contain encoded
entities such as &amp;, &lt;, &gt; and &quot; (or any entities) are double
encoded. For example, if the string "Me, myself &amp; I" is passed to
HtmlEditFormat(), the output is "Me, myself &amp;amp; I". I don't think
this is the desired result. I think the desired behavior is to leave
already encoded entities alone.
This can be fixed by using RegEx for the "&" character instead and
making sure that the "&" is not part of an entity. The following is
CFML code that works (I know the com.nary.utils.string class would have
to be changed):
<cffunction name="escapeHtml" access="public" returntype="string"
    output="false"
    hint="Escapes special characters '<', '>', '""' and '&' except it
leaves already escaped entities alone unlike HtmlEditFormat().">
  <cfargument name="input" type="string" required="true"
      hint="String to escape." />
  <cfset var output = arguments.input />
  <!--- The & is a special case since it could be part of an already
  escaped entity. An entity here is "&", then a name of two or more
  alphanumerics or "#" plus decimal digits, then ";". The quantifier
  sits on the name characters so that numeric entities such as
  &#38; are recognised as well. --->
  <cfset output = REReplaceNoCase(output,
      "&(?!([a-zA-Z][a-zA-Z0-9]+|##\d+);)", "&amp;", "all") />
  <!--- Deal with the easy characters --->
  <cfset output = ReplaceList(output, '<,>,"', "&lt;,&gt;,&quot;") />
  <cfreturn output />
</cffunction>
I'll file a ticket if you guys think this behavior should be corrected, but I
see no reason why anybody should be relying on the current behavior
since it's just plain wrong. The fix shouldn't be too hard.
.Peter
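The negative-lookahead approach proposed in the message, ported to Python as an added example (not code from the post or from OpenBD), set beside unconditional escaping on constructed inputs. The function names are hypothetical, and the pattern assumes an entity is a name of two or more alphanumerics or "#" plus decimal digits, followed by ";".

```python
import re

# "&" that does NOT start a named or decimal entity (assumed entity grammar:
# letter + 1 or more alphanumerics, or "#" + digits, then ";").
BARE_AMP = re.compile(r"&(?!(?:[a-zA-Z][a-zA-Z0-9]+|#\d+);)")


def escape_html_preserving(text: str) -> str:
    """Escape &, <, > and " but leave already-encoded entities alone."""
    out = BARE_AMP.sub("&amp;", text)
    return out.replace("<", "&lt;").replace(">", "&gt;").replace('"', "&quot;")


def escape_html_plain(text: str) -> str:
    """Escape every "&" unconditionally (the double-encoding behaviour)."""
    out = text.replace("&", "&amp;")
    return out.replace("<", "&lt;").replace(">", "&gt;").replace('"', "&quot;")


# Constructed sample inputs, not taken from the original message.
SAMPLES = [
    "Me, myself & I",       # bare ampersand
    "Me, myself &amp; I",   # already encoded
    "price &#163;5 <b>",    # decimal entity next to raw markup
    "?a=1&b=2",             # ampersand followed by a name but no ";"
    "AT&T; &nbsp",          # one-letter name, and a name missing its ";"
    "&lt;b&gt;",            # fully encoded markup
]


def compare(samples=SAMPLES):
    """Return (input, entity-preserving output, unconditional output) rows."""
    return [(s, escape_html_preserving(s), escape_html_plain(s)) for s in samples]


def is_lossy(a: str, b: str) -> bool:
    """True when two different inputs collapse to the same escaped output."""
    return a != b and escape_html_preserving(a) == escape_html_preserving(b)


if __name__ == "__main__":
    for raw, kept, plain in compare():
        print(f"{raw!r:24} preserving={kept!r:30} plain={plain!r}")
    print("lossy:", is_lossy("Me, myself & I", "Me, myself &amp; I"))
```

The entity-preserving form is idempotent but lossy: "Me, myself & I" and "Me, myself &amp; I" produce the same output, so a literal "&amp;" typed by a user is displayed as "&".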