Suppress HTML name of a character (like quotes or &) in ColdFusion form

Developer https://www.devze.com 2023-02-06 02:13 Source: Internet
I have a ColdFusion form that I need to scrub some offending code from and still keep some basic punctuation.

In my development I've set up a function with ReReplaceNoCase() and a pile of RegEx to clean just about everything and leave me with 3 different variables. One is used to rename a photo, the other becomes the alt and title, and the third becomes the headline for the product in an <h1> tag.

But I've encountered a strange problem. In my input I get the HTML name for some things like &quot; for double quotes but not for single quotes.

For example, when I have a string like ""Great" leather harnesses & More!" I get back 3 strings useable for my project:

_Great_leather_harnesses_and_more_ - which concats with .jpg to become the file name

Great leather harnesses and more - which becomes the alt and title attributes

and Great leather harnesses and more! - becomes my <h1>

The trouble is my form submits &quot; for the double quotes and &amp; for the & but ! for the exclamation point.

What can I do to force my form to post ONLY the character to my function so I don't have to go through every character with an HTML name and zap it? By the way, I'm getting the same results with either <input type="text"... or <textarea>.

Here's my scrubbing bubbles of RegEx:

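<!--- Start from the submitted product name --->
<cfset string = form.product_name>
<!--- Strip the HTML entity name for double quotes --->
<cfset replaceQuotes = ReReplaceNoCase(string, "(&quot;)", "", "all")>
<!--- Spell out ampersands (entity or literal) and percent signs --->
<cfset replaceAnd = ReReplaceNoCase(replaceQuotes, "(&amp;)|(&)|(amp;)", " and ", "all")>
<cfset replacePercent = ReReplaceNoCase(replaceAnd, "\%", " Percent ", "all")>
<!--- File name: anything that is not a letter or digit becomes an underscore, runs collapsed --->
<cfset scrubName = ReReplaceNoCase(replacePercent, "[^a-zA-Z0-9]", "_", "all")>
<cfset cleanFileName = ReReplaceNoCase(scrubName, "[_]{2,}", "_", "all")>
<!--- alt/title: underscores back to spaces --->
<cfset cleanAlt = ReReplaceNoCase(scrubName, "[_]", " ", "all")>
<!--- Headline: keep basic punctuation, collapse repeated whitespace --->
<cfset headlinetoClean = ReReplaceNoCase(replacePercent, "[^a-zA-Z0-9.,!'\-\+]", " ", "all")>
<cfset cleanHeadline = ReReplaceNoCase(headlinetoClean, "[\s]{2,}", " ", "all")>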

If it matters I'm declaring <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> in the head of the page...

Edit - Added form and validation code -

And my form:

<cfform name="newProduct" id="newProduct" >
<label for="product_name">Product Name: </label><cfinput name="product_name" id="product_name" style="width:300px;"/>
<cfinput name="submit" id="submit" type="submit" value="Create Page" />
</cfform>

Some validation - I suspect this may be the issue? :

<cfif not len(trim(form.product_name))>
    <cfset arrayAppend( errors, "You forgot to name the product")>
<cfelse>
    <cfset form.product_name = htmlEditFormat(trim(form.product_name))>
</cfif>

I'm pretty fresh at this RegEx so I'm sure there's a smarter way to go about this. But, this mechanism does seem to work, mostly.


Your suspicion is correct, HTMLEditFormat() is the problem - http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7847.html - it escapes <>&".
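
Following on from the answer above, an added example (not code from the original post or its answer) that validates the raw value, derives the three strings from the unescaped characters, and calls htmlEditFormat() only where each value is written into the page. The variable names rawName and withWords and the images/ path are assumptions made for illustration.

```cfml
<!--- Added example. Validate the raw value; do not escape it at this stage. --->
<cfparam name="form.product_name" default="">
<cfset errors = []>
<cfset rawName = trim(form.product_name)>
<cfif not len(rawName)>
    <cfset arrayAppend(errors, "You forgot to name the product")>
</cfif>

<cfif not arrayLen(errors)>
    <!--- Work on the raw characters: " is still " and & is still &,
          so there are no entity names such as &quot; or &amp; to strip. --->
    <cfset withWords = reReplace(rawName, "&", " and ", "all")>
    <cfset withWords = reReplace(withWords, "%", " Percent ", "all")>

    <!--- File name: allow-list of letters and digits; any other run becomes one underscore. --->
    <cfset cleanFileName = reReplace(withWords, "[^a-zA-Z0-9]+", "_", "all") & ".jpg">

    <!--- alt/title text: same allow-list, with spaces instead of underscores. --->
    <cfset cleanAlt = trim(reReplace(withWords, "[^a-zA-Z0-9]+", " ", "all"))>

    <!--- Headline: keep basic punctuation, then collapse runs of whitespace. --->
    <cfset cleanHeadline = reReplace(withWords, "[^a-zA-Z0-9.,!'\-\+]", " ", "all")>
    <cfset cleanHeadline = trim(reReplace(cleanHeadline, "\s{2,}", " ", "all"))>

    <!--- Escape once, at the point of output. images/ is an assumed path. --->
    <cfoutput>
        <h1>#htmlEditFormat(cleanHeadline)#</h1>
        <img src="images/#cleanFileName#"
             alt="#htmlEditFormat(cleanAlt)#"
             title="#htmlEditFormat(cleanAlt)#">
    </cfoutput>
</cfif>
```

htmlEditFormat() does not escape single quotes, so keep attribute values in double quotes as shown; on ColdFusion 10 and later, encodeForHTML() and encodeForHTMLAttribute() are the context-specific replacements.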
