
Commit

latest
andreasRu committed Aug 8, 2023
1 parent d523b91 commit 6fc95bb
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -109,7 +109,7 @@ Example of encoding a trusted HTML block to escape unescaped characters with `en

### Service Functions as Lambda Expression

**HtmlHelper.cfc** passes the functions minifyHtml() and encodeTrustedHtml() as Lambda Expressions to ensure inner a better local scoping ([see code here at GitHub](https://github.com/andreasRu/cfml-htmlhelper/blob/cc91c88a5e744a27d5006accb5ed9e54cd5e7dc5/components/HtmlHelper.cfc#L16)):
**HtmlHelper.cfc** passes the functions minifyHtml() and encodeTrustedHtml() as Lambda Expressions to enhance inner local scoping ([see code here at GitHub](https://github.com/andreasRu/cfml-htmlhelper/blob/cc91c88a5e744a27d5006accb5ed9e54cd5e7dc5/components/HtmlHelper.cfc#L16)):

![cfml html minifier](/images/dumpStruct.webp)
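
Review bot: On the changed README sentence, "to enhance inner local scoping" is now grammatical but still does not tell the reader what is scoped or why it matters. Consider naming the effect, for example which variables of minifyHtml() and encodeTrustedHtml() are kept out of the component's shared scope, and drop "inner", which adds nothing next to "local".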

2 changes: 1 addition & 1 deletion docs/index.html
Expand Up @@ -59,4 +59,4 @@
htmlHelperService.encodeTrustedHtml ( someHtmlBlock )
);
</cfscript>
</code></pre><h3>Service Functions as Lambda Expression</h3><p><strong>HtmlHelper.cfc</strong> passes the functions minifyHtml&#x28;&#x29; and encodeTrustedHtml&#x28;&#x29; as Lambda Expressions to ensure inner a better local scoping &#x28;<a href="https://github.com/andreasRu/cfml-htmlhelper/blob/cc91c88a5e744a27d5006accb5ed9e54cd5e7dc5/components/HtmlHelper.cfc#L16">see code here at GitHub</a>&#x29;&#x3a;</p><p><img src="/images/dumpStruct.webp" alt="cfml html minifier" /></p><h3>Tips &amp; Security Advisory</h3><blockquote><ul><li><strong>IMPORTANT SECURITY NOTICE&#x3a;</strong><code>encodeTrustedHtml()</code> MUST NOT be used to avoid XSS, because it only encodes unencoded characters of the inner HTML &#x28;within the body of tags&#x29;. This function will accept any submitted HTML, JavaScript and Styles and output it as submitted&#x28;&#x21;&#x29; without encoding it for XSS mitigation. For XSS prevention of untrusted HTML you <strong>MUST</strong> continue to use <code>encodeForHTML()</code>, <code>encodeForHTMLAttribute()</code>, <code>encodeForJavascript()</code>, <code>encodeFor...()</code> respectively.</li><li>The Regex patterns are set to work with CFMLs default &#x27;Perl&#x27; Regex-Engine</li><li>When using <code>encodeTrustedHTML()</code> always make sure to keep all the charsets among the stream &quot;in sync&quot;. Having different charsets for templates, web charset, charset http headers, or resource charsets may have unpredictable wrong html-entities and characters.</li><li><code>encodeTrustedHTML()</code> is typically used when you have a fronted CMS with a HTML-Editor where you can manually add custom HTML to a database.</li><li>You get best performance when you use <code>minifyHtml()</code> only once during the request flow, e.g. at the end of the CFML processing. 
A good location could be the <strong>Application.cfc</strong> at the end of the <code>onRequest()</code> function.</li></ul></blockquote><h3>Downloads</h3><blockquote><ul><li><strong>Raw HtmlHelper.cfc component</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/components/HtmlHelper.cfc">Download</a></li><li><strong>Repository as ZIP-File</strong>&#x3a; <a href="https://github.com/andreasRu/cfml-htmlhelper/archive/refs/heads/master.zip">Download</a></li><li><strong>Example minifyHtml&#x28;&#x29;</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/examples/minifyHtml.cfm">Download</a></li><li><strong>Example Cfhttp &amp; minifyHtml&#x28;&#x29;</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/examples/cfhttpMinifyHtml.cfm">Download</a></li><li><strong>Example encodeTrustedHTML&#x28;&#x29;</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/examples/encodeTrustedHtml.cfm">Download</a></li></ul></blockquote><h3>Run repository locally</h3><p>To test or watch the code running locally, you&#x27;ll need CommandBox as dependency&#x3a;</p><blockquote><ol><li>Download the <a href="https://github.com/andreasRu/cfml-htmlhelper/archive/refs/heads/master.zip">Repository as ZIP-File</a></li><li>Unzip it</li><li>Run <code>server.bat</code> on Windows or <code>server.sh</code>on MacOs&#x2f;Linux</li><li>Wait for commandBox open the browser and load the page</li></ol></blockquote><h3>Donations</h3><p>I&#x27;m not taking anything for this but sharing with you. 
If you like&#x2f;are using it, I kindly ask you to donate to the <strong>Lucee Organization</strong> to make this awesome cfengine even better&#x3a;</p><p><a href="https://opencollective.com/lucee">Lucee Open Collective Donation</a> &#x2764;&#xfe0f;</p><h3>About</h3><blockquote><ul><li><strong>Author&#x3a;</strong> Andreas at <a href="https://www.rhein-berg-digital.de">Rhein Berg Digital</a>, <a href="https://www.linkedin.com/in/claudio-andreas-r%C3%BCger-259000199/" target="_blank" rel="nofollow">LinkedIn</a></li><li><strong>GitHub&#x3a;</strong> &nbsp;<a href="https://github.com/andreasRu/cfml-htmlhelper">cfml-htmlhelper</a></li><li><strong>Issues&#x2f;Requests&#x3a;</strong> &nbsp;<a href="https://github.com/andreasRu/cfml-htmlhelper/issues">cfml-htmlhelper issues</a></li><li><strong>License&#x3a;</strong> &nbsp;<a href="https://github.com/andreasRu/cfml-htmlhelper/blob/master/LICENSE.txt">MIT License</a></li><li><strong>Software &#x3a;</strong>&nbsp;<a href="https://www.lucee.org/">Lucee CFML Engine</a> &#x28;GNU LGPL v2.1&#x29;, <a href="https://www.ortussolutions.com/products/commandbox">CommandBox</a> &#x28;GNU GPLv3&#x29;, <a href="https://highlightjs.org/">highlight.js</a> &#x28;BSD 3-Clause License, Copyright &#x28;c&#x29; 2006, Ivan Sagalaev&#x29;, <a href="https://github.com/necolas/normalize.css">normalize.css</a> &#x28;MIT License, Copyright &#x28;c&#x29; Nicolas Gallagher and Jonathan Neal&#x29;, <a href="https://codepo8.github.io/css-fork-on-github-ribbon/">github-fork-ribbon-css</a> &#x28;MIT License, Copyright &#x28;c&#x29; 2013 Simon Whitaker&#x29;</li><li><strong>Imprint&#x3a;</strong> &nbsp;<a href="https://www.rhein-berg-digital.de/en/andreasru-github-io-imprint">Visit here</a></li><li><strong>Privacy Policy&#x3a;</strong> &nbsp;<a href="https://docs.github.com/en/site-policy">Visit the hosters Site Policy</a> and the <a href="https://www.rhein-berg-digital.de/en/lucee-admin-lang-editor-privacy-policy">authors</a></li></ul></blockquote><script 
src="/libs/highlightjs/highlight.min.js"></script><script> const elements = document.querySelectorAll('code'); elements.forEach((element) => { element.classList.add('language-html'); }); const aTags = document.querySelectorAll('a'); aTags.forEach((element) => { element.setAttribute('target', '_blank'); }); hljs.highlightAll(); </script></body></html>
</code></pre><h3>Service Functions as Lambda Expression</h3><p><strong>HtmlHelper.cfc</strong> passes the functions minifyHtml&#x28;&#x29; and encodeTrustedHtml&#x28;&#x29; as Lambda Expressions to enhance inner local scoping &#x28;<a href="https://github.com/andreasRu/cfml-htmlhelper/blob/cc91c88a5e744a27d5006accb5ed9e54cd5e7dc5/components/HtmlHelper.cfc#L16">see code here at GitHub</a>&#x29;&#x3a;</p><p><img src="/images/dumpStruct.webp" alt="cfml html minifier" /></p><h3>Tips &amp; Security Advisory</h3><blockquote><ul><li><strong>IMPORTANT SECURITY NOTICE&#x3a;</strong><code>encodeTrustedHtml()</code> MUST NOT be used to avoid XSS, because it only encodes unencoded characters of the inner HTML &#x28;within the body of tags&#x29;. This function will accept any submitted HTML, JavaScript and Styles and output it as submitted&#x28;&#x21;&#x29; without encoding it for XSS mitigation. For XSS prevention of untrusted HTML you <strong>MUST</strong> continue to use <code>encodeForHTML()</code>, <code>encodeForHTMLAttribute()</code>, <code>encodeForJavascript()</code>, <code>encodeFor...()</code> respectively.</li><li>The Regex patterns are set to work with CFMLs default &#x27;Perl&#x27; Regex-Engine</li><li>When using <code>encodeTrustedHTML()</code> always make sure to keep all the charsets among the stream &quot;in sync&quot;. Having different charsets for templates, web charset, charset http headers, or resource charsets may have unpredictable wrong html-entities and characters.</li><li><code>encodeTrustedHTML()</code> is typically used when you have a fronted CMS with a HTML-Editor where you can manually add custom HTML to a database.</li><li>You get best performance when you use <code>minifyHtml()</code> only once during the request flow, e.g. at the end of the CFML processing. 
A good location could be the <strong>Application.cfc</strong> at the end of the <code>onRequest()</code> function.</li></ul></blockquote><h3>Downloads</h3><blockquote><ul><li><strong>Raw HtmlHelper.cfc component</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/components/HtmlHelper.cfc">Download</a></li><li><strong>Repository as ZIP-File</strong>&#x3a; <a href="https://github.com/andreasRu/cfml-htmlhelper/archive/refs/heads/master.zip">Download</a></li><li><strong>Example minifyHtml&#x28;&#x29;</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/examples/minifyHtml.cfm">Download</a></li><li><strong>Example Cfhttp &amp; minifyHtml&#x28;&#x29;</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/examples/cfhttpMinifyHtml.cfm">Download</a></li><li><strong>Example encodeTrustedHTML&#x28;&#x29;</strong>&#x3a; <a href="https://raw.githubusercontent.com/andreasRu/cfml-htmlhelper/master/examples/encodeTrustedHtml.cfm">Download</a></li></ul></blockquote><h3>Run repository locally</h3><p>To test or watch the code running locally, you&#x27;ll need CommandBox as dependency&#x3a;</p><blockquote><ol><li>Download the <a href="https://github.com/andreasRu/cfml-htmlhelper/archive/refs/heads/master.zip">Repository as ZIP-File</a></li><li>Unzip it</li><li>Run <code>server.bat</code> on Windows or <code>server.sh</code>on MacOs&#x2f;Linux</li><li>Wait for commandBox open the browser and load the page</li></ol></blockquote><h3>Donations</h3><p>I&#x27;m not taking anything for this but sharing with you. 
If you like&#x2f;are using it, I kindly ask you to donate to the <strong>Lucee Organization</strong> to make this awesome cfengine even better&#x3a;</p><p><a href="https://opencollective.com/lucee">Lucee Open Collective Donation</a> &#x2764;&#xfe0f;</p><h3>About</h3><blockquote><ul><li><strong>Author&#x3a;</strong> Andreas at <a href="https://www.rhein-berg-digital.de">Rhein Berg Digital</a>, <a href="https://www.linkedin.com/in/claudio-andreas-r%C3%BCger-259000199/" target="_blank" rel="nofollow">LinkedIn</a></li><li><strong>GitHub&#x3a;</strong> &nbsp;<a href="https://github.com/andreasRu/cfml-htmlhelper">cfml-htmlhelper</a></li><li><strong>Issues&#x2f;Requests&#x3a;</strong> &nbsp;<a href="https://github.com/andreasRu/cfml-htmlhelper/issues">cfml-htmlhelper issues</a></li><li><strong>License&#x3a;</strong> &nbsp;<a href="https://github.com/andreasRu/cfml-htmlhelper/blob/master/LICENSE.txt">MIT License</a></li><li><strong>Software &#x3a;</strong>&nbsp;<a href="https://www.lucee.org/">Lucee CFML Engine</a> &#x28;GNU LGPL v2.1&#x29;, <a href="https://www.ortussolutions.com/products/commandbox">CommandBox</a> &#x28;GNU GPLv3&#x29;, <a href="https://highlightjs.org/">highlight.js</a> &#x28;BSD 3-Clause License, Copyright &#x28;c&#x29; 2006, Ivan Sagalaev&#x29;, <a href="https://github.com/necolas/normalize.css">normalize.css</a> &#x28;MIT License, Copyright &#x28;c&#x29; Nicolas Gallagher and Jonathan Neal&#x29;, <a href="https://codepo8.github.io/css-fork-on-github-ribbon/">github-fork-ribbon-css</a> &#x28;MIT License, Copyright &#x28;c&#x29; 2013 Simon Whitaker&#x29;</li><li><strong>Imprint&#x3a;</strong> &nbsp;<a href="https://www.rhein-berg-digital.de/en/andreasru-github-io-imprint">Visit here</a></li><li><strong>Privacy Policy&#x3a;</strong> &nbsp;<a href="https://docs.github.com/en/site-policy">Visit the hosters Site Policy</a> and the <a href="https://www.rhein-berg-digital.de/en/lucee-admin-lang-editor-privacy-policy">authors</a></li></ul></blockquote><script 
src="/libs/highlightjs/highlight.min.js"></script><script> const elements = document.querySelectorAll('code'); elements.forEach((element) => { element.classList.add('language-html'); }); const aTags = document.querySelectorAll('a'); aTags.forEach((element) => { element.setAttribute('target', '_blank'); }); hljs.highlightAll(); </script></body></html>
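
Review bot: In docs/index.html the one-word wording fix lands on a single minified line that also holds the rest of the page body, including the "IMPORTANT SECURITY NOTICE" about encodeTrustedHtml() and XSS, so the diff shows the whole line as rewritten and an accidental change to that advisory would be hard to spot in review. The same sentence is edited by hand in README.md; if this file is derived from the README, regenerate it in a build step (or commit it unminified) so wording changes are made once and diff cleanly. While this line is being touched: the inline script sets target="_blank" on every link without adding rel="noopener", and the text mixes the spellings encodeTrustedHtml() and encodeTrustedHTML().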
