
Is XmlFormat() always better than htmlEditFormat()?

Saw a comment today at: http://www.bennadel.com/blog/2004-Escaping-Form-Values-Understanding-The-ColdFusion-htmlEditFormat-Life-Cycle.htm by Rick Osborne

I've started moving my students from htmlEditFormat over to xmlFormat. As you said, it catches more characters, but it's also useful for pure XML and is faster to type. I haven't been able to come up with a compelling reason to stick with htmlEditFormat.

Should we all start using XmlFormat()? Can you think of a "compelling reason" other than maybe slightly slower in performance?

Henry asked Oct 14 '22 00:10


1 Answer

UPDATE: the below answer is no longer relevant. What I've noticed by using XMLFormat() over HTMLEditFormat() is that IE doesn't interpret the &apos; and thus causes havoc.

In my opinion, if it catches more (such as single quotes that Jason Dean pointed out), thus making your app safer, then I'll eat the performance hit. In all reality, how much of a performance hit could it possibly be... 1 or 2ms?

In the upcoming cfwheels 1.1 release, I added an h() method that was a wrapper for the htmleditformat() method. After reading both Ben's and this post, I'm going to be switching it over to use XMLFormat() instead.

rip747 answered Oct 19 '22 03:10
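An added example, not code from the answer or from cfwheels, contrasting the two functions on a value written into a single-quoted HTML attribute. The helper name hAttr() and the sample value are assumptions made for illustration, and the block assumes cfscript array literals and for-in loops (ColdFusion 9.0.1+ or Lucee).

```cfml
<cfscript>
// hAttr() is a hypothetical helper name, not the cfwheels h() method.
function hAttr(required string value) {
    // htmlEditFormat() escapes & < > and the double quote, not the single quote.
    var escaped = htmlEditFormat(arguments.value);
    // &apos; is an XML entity that HTML 4 does not define, so emit the numeric
    // reference instead. "##" is how a literal # is written in a CFML string.
    return replace(escaped, "'", "&##39;", "all");
}

// Constructed sample: a single quote plus markup characters.
sample = "O'Brien <b>& co</b>";

results = [
    ["htmlEditFormat", htmlEditFormat(sample)], // ' is left as-is
    ["xmlFormat",      xmlFormat(sample)],      // ' becomes &apos;
    ["hAttr",          hAttr(sample)]           // ' becomes a numeric reference
];
for (row in results) {
    // Escape a second time so the browser displays the encoded source text.
    writeOutput("<p>" & row[1] & ": <code>" & htmlEditFormat(row[2]) & "</code></p>");
}
</cfscript>

<!--- In a single-quoted attribute, an unescaped ' would end the value early. --->
<cfoutput><input type='text' name='who' value='#hAttr(sample)#'></cfoutput>
```

Viewing the page source shows the three encodings side by side; only the numeric reference both keeps the value inside the single-quoted attribute and avoids the &apos; entity.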