Lucee – No matching function [ENCODEFORHTML] found

I was surprised when suddenly I started receiving errors like this:

“No matching function [ENCODEFORHTML] found”? What happened? I was sure that this was working before!

The “EncodeForHTML” function is used to secure string against Cross-Site Scripting attacks – it is useful when you are not sure what is the content of the string you want to send to the browser. Sometimes it may contain a harmful payload.

I was under impression that this function is part of the core of Lucee. It surfaced that I was wrong. It is part of the OWASP ESAPI extension (OWASP Enterprise Security API). Few hours ago, I removed it from Lucee because I thought that this is not needed in this particular project. Once again – I was wrong.

Once the source of the issue was found, I simply went to the Lucee Admin (in the Server context) under http://127.0.0.1:8888/lucee/admin/server.cfm, and in the Extensions -> Applications section, I installed the newest version of the extension. A restart of the server was not needed – it started working immediately.

This case once again proved how important is to have code tests in place and how important it is to run them regularly, even if you think that nothing changed. Sometimes even software update which seems unrelated to the server can cause issues.

Leave a Reply

Your email address will not be published. Required fields are marked *