ColdFusion doing OWASP esapi via Java
问题 I am have some old ColdFusion code. It was originally written for CF9, but is now running on CF 2016. application.cfc local.esapi = createObject("java", "org.owasp.esapi.ESAPI"); application.esapiEncoder = local.esapi.encoder() Much later Regular page form.Reason = application.esapiEncoder.encodeForHtml(form.Reason); I am thinking of replacing this with form.Reason = encodeForHTML(form.Reason); Do these function the same? 回答1: Yes, the encodeForX() functions use OWASP's ESAPI behind the