ColdFusion CustomTags

Check if a string contains HTML code

This custom tag checks if there's any html code in the string. This is done by checking if the sting contains the html tag '<'.

The custom tag has two inn parameters:
Attributes.html_check (the string to be checked)
Attributes.errormsg (the error message to be displayed on the screen)

If the sting contains the '<' tag the 'caller.error_msg' returns the error message in the 'Attributes.errormsg' parameter.

Here's the code for the Custom Tag:

<cfparam name= "Attributes.html_check" type="string" >
<cfparam name="Attributes.errormsg" type="string" >

<cfset caller.error_msg = ' '>
<cfset string_length = Len(Attributes.html_check)>
<cfset chr_list = '<'>
< !--- Check for invalid character(s) HTML in the string. --->
<cfloop index="counter" from="1" to = "#string_length#">
<cfset chr_check = Mid(Attributes.html_check, counter, 1)>
<cfif ListContainsNoCase(chr_list,chr_check)>
<cfset caller.error_msg = "<cfoutput>#Attributes.errormsg#</cfoutput>" >
</cfif>
</cfloop>

Example:
(here we use cfmodule to call the custom tag)

<!--- Start checking the form. --->
<cfset valid = True>
<cfset errormsg = "">

<cfmodule template= "../customtags/html_check.cfm"
html_check="#Form.First_Name#"
errormsg = "First Name can't contain any HTML code.">

<cfif Len(#error_msg#) NEQ 0>
<cfset valid = False>
<cfset errormsg = errormsg & "<li>#error_msg#</li><br>" >
</cfif>

<!--- In your application --->
<cfif valid>
First name OK
<cfelse>
ERROR
<cfoutput>#errormsg#</cfoutput>
</cfif>

Copyright © 1998 - 2009 ScandicWeb - ScandicWebDesign. All Rights Reserved.

ScandicWeb is own by Scandic Systems LTD [UK] Company No. 5984000. All other trademarks and copyrights are the property of their respective holders.