Railo 4.2 Reference
Choose a function:


Encodes the given string for safe output to stop Cross Site Scripting attacks.


esapiencode(string encodeFor,string string):string


The arguments for this function are set. You can not use other arguments except the following ones.
Name Type Required Description
encodeFor string  Yes encode for what, valid values are:
  • css: for output inside Cascading Style Sheets (CSS)
  • dn: for output in LDAP Distinguished Names
  • html: for output inside HTML
  • html_attr: for output inside HTML Attributes
  • javascript: for output inside Javascript
  • ldap: for output in LDAP queries
  • url: for output in URL
  • vbscript: for output inside vbscript
  • xml: for output inside XML
  • xml_attr: for output inside XML Attributes
  • xpath: for output in XPath  
  • string string  Yes string to encode