alexerm
asked on
CFINCLUDE equivalent for HTML only
Hi,
Is there CFINCLUDE equivalent tag that would include some html file, but would not process any CFM?
Basically I allow users to save files using my interface.
Then on my page I have the following structure:
.....my code (necessary)......
<cfinclude template="usersfile.html">
.....my code (necessary)......
Everything is fine except that user can potentially put CFM code to his file and get control of the server.
So how do I do that "cfinclude" without processing CFML inside usersfile.html
Thanks
Is there CFINCLUDE equivalent tag that would include some html file, but would not process any CFM?
Basically I allow users to save files using my interface.
Then on my page I have the following structure:
.....my code (necessary)......
<cfinclude template="usersfile.html">
.....my code (necessary)......
Everything is fine except that user can potentially put CFM code to his file and get control of the server.
So how do I do that "cfinclude" without processing CFML inside usersfile.html
Thanks
ASKER
I'm trying to avoid cffile whenever is possible because of it's bad perfomance.
Is there any other ways to do it without cffile?
Thanks
Is there any other ways to do it without cffile?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How about saving the file as include.html and use cfinclude, I don't think it will evaluate any CF code, give it a go.
ASKER
Reply to Tacobell777:
Unfortunetely, it does evaluate CF code, when using CFinclude, no matter what extension of the included file is
Alex
Unfortunetely, it does evaluate CF code, when using CFinclude, no matter what extension of the included file is
Alex
The only thing I can think of (other than CFFILE) is to store the page in a Database.
I never tried it, weird though.
How about, if you read the file into a variable and the output it like so
#dE(myFileVariable)#
How about, if you read the file into a variable and the output it like so
#dE(myFileVariable)#
try this
<img src="my_cfm_or_html_or_any _file_i_ne ed_to_exec ute.htm' width="1" height="1" border="0">
let me know ...
K'Rgds
Anand
<img src="my_cfm_or_html_or_any
let me know ...
K'Rgds
Anand
ASKER
Hi, Anand
The idea with <img> did not work. I would be surprised if it did work
Thanks
Alex
The idea with <img> did not work. I would be surprised if it did work
Thanks
Alex
Did you try my idea?
I don;t know what it is lately but people ignore me, any ideas why?
I don;t know what it is lately but people ignore me, any ideas why?
ASKER
Hi, Tacobell
I did not ignore your post.
If I read from file and just output variable, then there is no need to use DE(...).
Basically when I posted this question I was aware of solution that would read from file using cffile or some other custom tag and then just output whatever was read from file. (and there is no need to use DE in this solution)
However, my question was is there standard coldfusion tag that would include file like CFINCLUDE but would not process CFML inside.
Alex
I did not ignore your post.
If I read from file and just output variable, then there is no need to use DE(...).
Basically when I posted this question I was aware of solution that would read from file using cffile or some other custom tag and then just output whatever was read from file. (and there is no need to use DE in this solution)
However, my question was is there standard coldfusion tag that would include file like CFINCLUDE but would not process CFML inside.
Alex
I stand by my original suggestion. :)
If you read a html file with cffile, then output the result within dE() them I'm pretty sure it won't be evaluated.
dE stands for Delay Evaluation, thus is your problem is that something is evaluated then you'd want to use dE()
dE stands for Delay Evaluation, thus is your problem is that something is evaluated then you'd want to use dE()
or in your html file that you call in the cfinclude you need to put dE() around every variable present, I'm pretty sure that will work to, if it's not dE() that works then dE(dE(variable)) will work.
ASKER
Hi, Taco
-------------------------- ---------- ---------- ---------
<cffile action="read" ......... variable="myvar">
#myvar#
-------------------------- ---------- ---------- -------
does not require to use DE.
My problem was that CFINCLUDE evaluates CFML.
Alex
--------------------------
<cffile action="read" ......... variable="myvar">
#myvar#
--------------------------
does not require to use DE.
My problem was that CFINCLUDE evaluates CFML.
Alex
you know what, you seem to know it all, sort it out by yourself. ciao
ASKER
Tacobell,
You asked me to comment about your idea and I did
I don't understand why you got frustrated
You asked me to comment about your idea and I did
I don't understand why you got frustrated
Try using <cffile>:
<cffile action="read" file="usersfile.html" variable="usersfile">
<cfoutput>#usersfile#</cfo
This should render the text of the file without evaluating it as ColdFusion code.
Best Regards,
Seth