XMLFormat and EncodeForXML with accents characters

dev support
1

Hi,

I am migrating an application written in Adobe Coldfusion to Lucee, and I was using XMLFormat. This function encoded special characters such as accents (àéêôî). On Lucee, XMLFormat does not encode accents, but EncodeForXML does.

I know it is now better to use EncodeForXML, but I was wondering if it was a normal behavior that XMLFormat does not return the same result? Should I report a bug or is it not worth it given that XMLFormat is deprecated?

Examples

#EncodeForXML("École àéêôî")# <!--- Return &#xc9;cole &#xe0;&#xe9;&#xea;&#xf4;&#xee; --->
#XMLFormat("École àéêôî")# <!--- Return École àéêôî --->

For now I will try to overwrite the XMLFormat function with my own XMLFormat tag that will use EncodeForXML behind the scene. I need to keep my application cross-compatible for the moment.

Thank you!

OS: Windows Server 2016 (10.0) 64bit
Java Version: 1.8.0_181 (Oracle Corporation) 64bit
Tomcat Version: Apache Tomcat/8.5.33
Lucee Version: Lucee 5.3.8.159-SNAPSHOT

2

Yes it is normal. Those two functions while similar have never been billed as the same function with. XMLFormat() just does some basic text char replacements. encodeForXML() uses the OWASP ESAPI Java libs which is a much more comprehensive check.

3

Thank you @bdw429s.

I created my own XMLFormat built-in function with this

<cffunction name="xmlFormat" output="no" returntype="string" hint="Overwrite the built-in XMLFormat to use EncodedForXML instead">
	<cfargument name="text" type="string" required="yes">
	
	<cfreturn EncodeForXML(ARGUMENTS.text)>
</cffunction>

and I placed it in this folder C:\lucee\tomcat\lucee-server\context\library\function. Restarted Lucee and I get the same result now with XMLFormat and EncodeForXML. Everything is under control!

3 Likes
4

docs updated!

4 Likes