tracker issue : CF-4206298

select a category, or use search below
(searches all categories and all time range)
Title:

Canonicalize example throws exception on cffiddle

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/AsDesigned

Reporter/Name(from Bugbase): Alicia M. / ()

Created: 12/09/2019

Components: CFApps, CFFiddle

Versions: 2016

Failure Type: Non Functioning

Found In Build/Fixed In Build: cffidle version on website 12/9/2019 /

Priority/Frequency: Normal / Most users will encounter

Locale/System: English / Windows 7

Vote Count: 0

Problem Description: Trying to execute the example code for Canonicalize:
https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-c-d/Canonicalize.html#main-pars_text
throws 'Unhandled Exception' in CF2018, Update 6
In CF2016 Update 13:
Unhandled Exception
Java method security exception.
Type: Expression A security exception occurred while invoking Java method on a "java.lang.Class" object. MethodName is getName. Possible cause: Either the createobject function and cfobject tag are disabled in the security sandbox or you are trying to create a class in the ColdFusion package and that is disabled.

Tag Context
tmp_51f6e2ce-68ca-4e44-9552-36c775b52a6b.cfm Line: 9 Column: 0

Stack Trace
coldfusion.runtime.StructBean$SecurityException: Java method security exception.
	at coldfusion.runtime.StructBean.checkPermission(StructBean.java:133)
	at coldfusion.runtime.StructBean.invoke(StructBean.java:482)
	at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3316)
	at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3224)
	at cfdump2ecfm413082607$funcDUMPOBJECT.runFunction(/WEB-INF/cftags/dump.cfm:1791)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:493)
	at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47)
	at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:389)
	at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95)
	at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:340)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:539)
	at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:3638)
	at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:3619)
	at cfdump2ecfm413082607$funcRENDEROUTPUT.runFunction(/WEB-INF/cftags/dump.cfm:728)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:493)
	at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47)
	at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:389)
	at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95)
	at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:340)
	at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:235)
	at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:3697)
	at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:3677)
	at cfdump2ecfm413082607._factor16(/WEB-INF/cftags/dump.cfm:612)
	at cfdump2ecfm413082607._factor23(/WEB-INF/cftags/dump.cfm:611)
	at cfdump2ecfm413082607._factor52(/WEB-INF/cftags/dump.cfm:499)
	at cfdump2ecfm413082607.runPage(/WEB-INF/cftags/dump.cfm:1)
	...

Steps to Reproduce:
Execute example code given on Adobe webpage:
<!--- canonicalize the simple html entity encoded string --->
<cfoutput>#canonicalize("&lt;",false,false)#</cfoutput>
 
<!--- enforce multiple and mixed encoding detection. Mixed encoding is detected as the data is encoded using URL and HTML entity encoding. Multiple Encoding is also detected --->
<cftry>
<cfoutput>#canonicalize("%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B",true,true, true)#</cfoutput>
<cfcatch type="any" >
<!--- throws Error when throwOnError set to true when mixed or mutiple encoding is detected. --->
<cfdump var="#cfcatch#" >
</cfcatch>
</cftry>
 
<!--- enforce multiple and mixed encoding detection. Mixed encoding is detected as the data is encoded using URL and HTML entity encoding. Multiple Encoding is also detected --->
<!--- an Empty string will be returned if the throwOnError is set to false and multiple or mixed encoding is found --->
<cfoutput>#canonicalize("%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B",true,true, false)#</cfoutput>
 
<!--- enforce mixed but not multiple encoding detection returns an Empty String--->
<cfoutput>#canonicalize("%25 %2526 %26##X3c;script&##x3e; &##37;3Cscript%25252525253e",false,true)#</cfoutput>
 
<cftry>
<cfoutput>#canonicalize("%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B",false,true, true)#</cfoutput>
<cfcatch type="any" >
<!--- throws Error when throwOnError set to true. --->
<cfdump var="#cfcatch#" >
</cfcatch>
</cftry>
 
<!--- Mixed encoding is detected as the data is encoded using URL and HTML entity encoding. Multiple Encoding is also detected --->
<!--- Decodes the string using both percent and HTML Entity encodings as the flags were set to false --->
<cfoutput>#canonicalize("%26lt; %26lt; %2526lt%253B %2526lt%253B %2526lt%253B",false,false)#</cfoutput>
 
<cfoutput>#canonicalize("&##X25;3c",false,false)#</cfoutput>
<cfoutput>#canonicalize("&##x25;3c",false,false)#</cfoutput>
 
<!--- Simple Javascript decoding --->
<!--- http://www.planetpdf.com/codecuts/pdfs/tutorial/jsspec.pdf see section 2.7.5 for JS Encoding --->
<cfoutput>#canonicalize("\\U003C",false,false)#</cfoutput>
<cfoutput>#canonicalize("\\X3C",false,false)#</cfoutput>

Actual Result:
Unhandled Exception

Expected Result:
Example of how canonicalize can be used

Any Workarounds:
Comment out cfdump statements, but the examples aren't very useful without them.

Attachments:

Comments:

Alicia, Fiddle does not allow to instantiate Java class because of the security reasons.   -Nimit
Comment by Nimit S.
33166 | December 11, 2019 05:19:36 AM GMT