Lucee – No matching function [ENCODEFORHTML] found

I was surprised when suddenly I started receiving errors like this:

“No matching function [ENCODEFORHTML] found”? What happened? I was sure that this was working before!

The “EncodeForHTML” function is used to secure string against Cross-Site Scripting attacks – it is useful when you are not sure what is the content of the string you want to send to the browser. Sometimes it may contain a harmful payload.

I was under impression that this function is part of the core of Lucee. It surfaced that I was wrong. It is part of the OWASP ESAPI extension (OWASP Enterprise Security API). Few hours ago, I removed it from Lucee because I thought that this is not needed in this particular project. Once again – I was wrong.

Once the source of the issue was found, I simply went to the Lucee Admin (in the Server context) under http://127.0.0.1:8888/lucee/admin/server.cfm, and in the Extensions -> Applications section, I installed the newest version of the extension. A restart of the server was not needed – it started working immediately.

This case once again proved how important is to have code tests in place and how important it is to run them regularly, even if you think that nothing changed. Sometimes even software update which seems unrelated to the server can cause issues.

3 Replies to “Lucee – No matching function [ENCODEFORHTML] found”

  1. I am running into this with Lucee 5.3.9.160 when starting a server from CommandBox. Do you know how I can fix the issue when using CommandBox to scaffold a ColdBox application? Thank you

    1. Unfortunately, I have no experience with CommandBox. Are you able to access Lucee Admin? The solution should be the same – install OWASP ESAPI extension.

  2. This is a bug in Lucee and happens when Lucee’s fails to install the ESAPI extension, which is supposed to happen automatically by default. There may be some details in your server or web context’s “deploy” log. CommandBox really has nothing to do with it, it just starts up the Lucee server and it’s up to Lucee to finish installing its extensions. You can normally fix this by re-installing the extension from the Lucee admin, or just forgetting the server and starting it fresh. If it keeps happening, it’s likely related to anti-virus software nabbing jars, or a firewall preventing Lucee form auto-downloading jars.

Comments are closed.