ParagraphFormat is not XHTML Safe

Updated March 6, 2024, First Published May 6, 2005 by Pete Freitag

I just noticed that the ParagraphFormat tag is not XHTML safe. It inserts unclosed <P> tags for line breaks. I posted a comment on the live docs about this, so hopefully they will add an optional argument to have it generate XHTML output. Here's a function you can use in the meantime:

<cffunction name="XHTMLParagraphFormat" returntype="string" output="false">
	<cfargument name="str" required="true" type="string">
	<cfreturn REReplace(arguments.str, "\r+\n\r+\n", "<br /><br />", "ALL")>
</cffunction>

The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.

Comments

Steve Ray May 6, 2005

There's also an XHTMLParagraphFormat UDF on CFLib.org.

Raymond Camden May 6, 2005

There is a cflib function for this too. :)

Brian G February 3, 2006

The function on cflib is not exactly ideal. It will convert blank lines into empty <p></p> tags which is not exactly correct. I changed the code from a replace to a reReplaceNoCase with the following regexp to do the right thing (from a semantic XHTML point of view): reReplaceNoCase(string, "(#Chr(13)##Chr(10)#)+", ...)