Parameters
Parameter    Description
string       A string or a variable that contains one.
version      HTML version to use; currently ignored.
             -1: The latest implementation of HTML
             2.0: HTML 2.0 (default)
             3.2: HTML 3.2
Usage
This function converts the following characters to HTML character entities:
Text character    Encoding
<                 &lt;
>                 &gt;
&                 &amp;
"                 &quot;
This function can be used to help protect ColdFusion pages that return user-provided data to the client browser from cross-site scripting attacks. However, the scriptprotect attribute of the cfapplication tag or the equivalent This.scriptProtect variable setting in Application.cfc can be preferable in most instances, because you only need to specify it once for an application.
This function typically increases the length of a string. This can cause unpredictable results when performing certain string functions (Left, Right, and Mid, for example) against the expanded string.
The only difference between this function and HTMLCodeFormat is that HTMLCodeFormat surrounds the text in an HTML pre tag.
Example
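The following is an added example, not part of the original documentation. It illustrates the length caveat under Usage by calling the function as HTMLEditFormat and comparing Left() applied to the expanded string with Left() applied before encoding. The helper truncateForHtml and the sample input are constructed for illustration.

```cfml
<!--- Added example: why Left() on the expanded string is unreliable. --->

<!--- Hypothetical helper: truncate the raw text first, then encode it,
      so the cut can never land in the middle of a character entity. --->
<cffunction name="truncateForHtml" returntype="string" output="false">
    <cfargument name="text" type="string" required="true">
    <cfargument name="maxChars" type="numeric" required="true">
    <!--- Left() requires a positive count, so handle zero or less here. --->
    <cfif arguments.maxChars LTE 0>
        <cfreturn "">
    </cfif>
    <cfreturn HTMLEditFormat(Left(arguments.text, arguments.maxChars))>
</cffunction>

<!--- Constructed sample standing in for user-provided data. --->
<cfset userInput = 'Tom & "Jerry" <b>fans</b>'>

<!--- Every <, >, & and " is replaced by a longer entity,
      so the encoded string is longer than the input. --->
<cfset encoded = HTMLEditFormat(userInput)>

<cfset result = StructNew()>
<cfset result.rawLength = Len(userInput)>
<cfset result.encodedLength = Len(encoded)>

<!--- Encode, then truncate: Left() counts characters of the expanded
      string, so the cut can fall inside an entity and leave a fragment. --->
<cfset result.encodeThenTruncate = Left(encoded, 6)>

<!--- Truncate, then encode: the limit applies to the visible characters
      and the output contains only complete entities. --->
<cfset result.truncateThenEncode = truncateForHtml(userInput, 6)>

<!--- cfdump escapes its values, so the entities appear as literal text. --->
<cfdump var="#result#" label="HTMLEditFormat and Left()">
```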