encodeHtml

Idoc function used to filter data input for illegal or corruptive HTML constructs. This function is used by default in Threaded Discussions, a component available during installation.

All input data received by the Content Server when using the unsafe value for the rule parameter applies only to well-known unsafe script tags. This functionality can be altered by using the HtmlDataInputFilterLevel configuration variable to change the filtering that is done.

Type and Usage

• "Global Functions"

• "Security"

Parameters

Takes two required and one optional parameter:

• The first parameter is the string to encode.

• The second parameter is the rule to apply when encoding HTML constructs. The following values are allowed:

  • none: no conversion is done to HTML constructs.

  • unsafe: only well-known unsafe script tags are encoded.

  • exceptsafe: well-known safe script tags are not encoded.

  • lfexceptsafe: recommended for use when extended comments are entered by users and line breaks in the original text must be preserved.

  See the security and user access chapter in Oracle Fusion Middleware System Administrator's Guide for Content Server for details about comment handling, attribute values, parenthesis handling, and allowed values for unsafe and safe script tags.

• An optional parameter is also available that specifies if long strings without space characters are to be broken up and what maximum word size to apply. Specify either wordbreak or nowordbreak.

Output

Returns the encoded string.

See Also

• "HtmlDataInputFilterLevel"