Just curious... is cfUniform doing anything under the hood to clean/sanitize form inputs?
I'm tinkering around with the ESAPI library in CF9.
These all work:
<uform:option display="#rc.esapi.encodeForHTMLAttribute(category.getCategoryName())#" value="1"/>
<uform:option display="#rc.esapi.encodeForHTMLAttribute(category.getCategoryName())#" value="#rc.esapi.encodeForHTMLAttribute(1)#"/>
But if I do:
<uform:option display="#rc.esapi.encodeForHTMLAttribute(category.getCategoryName())#" value="#rc.esapi.encodeForHTMLAttribute(category.getCategoryID())#"/>
It fails:
Either there are no methods with the specified method name and
argument types or the encodeForHTMLAttribute method is overloaded with
argument types that ColdFusion cannot decipher reliably. ColdFusion
found 0 methods that match the provided arguments. If this is a Java
object and you verified that the method exists, use the javacast
function to reduce ambiguity.
Message
The encodeForHTMLAttribute method was not found.
I'm using ORM and thought maybe getCategoryId() was returning something odd but if I do:
IsNumeric( getCategoryId() ) it returns true?
Any ideas?
Jim