Lucee Function Reference

esapiencode()

This function is deprecated
Deprecated legacy function. Use context-specific functions (e.g., encodeForHTML) instead.

Example

esapiencode(string encodeFor,string string,[boolean canonicalize,[string dialect]]):string

Category

CSS,DN,HTML,JavaScript,ldap,URL,SQL,VBScript,XML

Arguments

This function accepts a fixed set of arguments. Only the arguments listed below can be used.
Name Type Required Default Value Description
encodeFor string  Yes   The target output context. Valid values:
  • css: for style sheets
  • dn: for LDAP Distinguished Names
  • html: for HTML body content
  • html_attr: for HTML attributes (e.g., value, title)
  • javascript: for script blocks or event handlers
  • ldap: for LDAP search filters
  • url: for URI components
  • sql: for database query literals
  • vbscript: for legacy VBScript contexts
  • xml: for XML element content
  • xml_attr: for XML attribute values
  • xpath: for XPath query parameters
string string  Yes   The raw string to be encoded.
canonicalize boolean  No false If true, simplifies the input (resolving multiple/mixed encoding) before applying the new encoding. This prevents bypass attacks using double-encoding.
dialect string  No   Required only if encodeFor is 'sql'. Specifies the database syntax:
  • db2
  • mysql_ansi
  • mysql
  • oracle
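
Migration sketch for the deprecation note above, added here as an example and not taken from the Lucee documentation: it puts esapiEncode() calls beside the context-specific functions, shows the canonicalize argument on a double-encoded value, and writes one value into four output contexts. The variable names, the sample values and the /search URL are assumptions made for illustration.

```cfml
<cfscript>
// Constructed sample value standing in for an untrusted request parameter.
userInput = '<b title="x">Tom & Jerry</b>';

// Deprecated form: the output context is selected by a string argument.
legacy = {
    "html"      : esapiEncode("html", userInput),
    "html_attr" : esapiEncode("html_attr", userInput),
    "javascript": esapiEncode("javascript", userInput),
    "url"       : esapiEncode("url", userInput)
};

// Replacement form: one function per output context.
current = {
    "html"      : encodeForHTML(userInput),
    "html_attr" : encodeForHTMLAttribute(userInput),
    "javascript": encodeForJavaScript(userInput),
    "url"       : encodeForURL(userInput)
};

// Dump both forms side by side to compare them before switching call sites.
writeDump(var = { "legacy": legacy, "current": current }, label = "esapiEncode vs encodeFor*");

// Constructed double-encoded value: "%253C" decodes to "%3C", which decodes to "<".
doubleEncoded = "%253Cb%253E";
writeDump(var = {
    "canonicalize=false": esapiEncode("html", doubleEncoded),
    "canonicalize=true" : esapiEncode("html", doubleEncoded, true)
}, label = "effect of the canonicalize argument");
</cfscript>

<!--- The same value written into four different contexts of one page. --->
<cfoutput>
<p>#encodeForHTML(userInput)#</p>
<input type="text" name="q" value="#encodeForHTMLAttribute(userInput)#">
<a href="/search?q=#encodeForURL(userInput)#">Search again</a>
<script>var q = '#encodeForJavaScript(userInput)#';</script>
</cfoutput>
```

Each encoder is only valid for the context named in its call: output from encodeForHTML placed inside the script block or the href would not be safely encoded for that position.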