Reputation: 7563
Is ColdFusion's isSafeHTML() documentation wrong everywhere?
I have been trying to use isSafeHTML() to tell users whether the HTML they have submitted is allowed or not. The documentation at both CFDocs.org and Adobe.com show the function requires three parameters: inputString, policyFile, throwOnError. However, when I supply all three parameters, I get an error saying it only accepts 1 or 2 parameters.
After some testing, I have come to the conclusion that throwOnError is not a valid parameter for this function. Can anyone else confirm this? If so, is there any way to update the documentation so others do not run into the same issue?
Upvotes: 1
Views: 199
Answers (1)
Reputation: 1031
You are correct, I just tested it on ColdFusion 2016 update 2 (2016,0,02,299200) and it threw:
Parameter validation error for the ISSAFEHTML function. The function accepts 1 to 2 parameters.
Using this code:
<cfoutput>
#isSafeHTML("html", server.coldfusion.rootdir & "/lib/antisamy-basic.xml", true)#
</cfoutput>
I have updated the cfdocs.org site to remove the throwOnError argument. For future reference you can fix docs on cfdocs.org by clicking on the Edit button, or if you just want to point out an issue you can click on the Issue button.
For Adobe docs, you can file a bug report here: https://bugbase.adobe.com/
Upvotes: 5
Related Questions
- Use of IS outside of <cfif>
- ColdFusion CFIF
- Is the addtoken parameter in the location function(cflocation tag) a boolean?
- Is this a ColdFusion Bug in cfscript?
- ColdFusion isDefined
- CFIncludes best-practice and potential security concerns
- coldfusion cfcase not working as per documentation
- Coldfusion 8 doing both CFIf and the CFElse statement
- ColdFusion Coding Guideline? Where did it go?
- CF8's CFFEED quirks?