URL/Database Safe Encryption

I was working on an application today where I needed to encrypt a query string. Using the encrypt() function alone would not work because it can generate non-URL friendly characters. There are the undocumented functions cfusion_encrypt() and cfusion_decrypt() that do just what I needed, but I didn't want to rely on any undocumented features in this application, so I did a little research. Turns out one way to go about this is to use tobase64().

Here is an example:

<!--- url/database safe encryption --->
<cfset myStringToEncrypt = "Encrypt Me"/>
<cfset urlSafeEncryptedString = ToBase64(Encrypt(myStringToEncrypt,12345))/>

<!--- decrypt url/database safe encryption --->
<cfset myDecryptedString = Decrypt(ToString(ToBinary(urlSafeEncryptedString)),12345)/>

I'll be using this method for any database/url safe encryption I need to do in the future.

The Value of Valid HTML

This morning I was working on the redesign of a small section of an existing application. What I found is that most of the HTML generated by this application was nowhere near valid. Now, when you generate invalid HTML you are basically leaving it up to the browser to decide how it is going to render the content. Some browsers give you what you want, others don't. This led me to do some quick tests of different browsers and what I discovered is that the HTML was so bad that some browsers (Netscape 4.8) crashed while trying to render it. (Older versions of Netscape were notorious for just not rendering invalid HTML tables, but I've never seen it flat out crash due to bad HTML.)

Anyway, as part of this redesign I've had to go in and cleanup some of the HTML. How did I do this? I validated the rendered HTML using the W3Cs validation services. It sounds like this could be a PITA, but browser plugins have made this extremely easy. I've been using the Web Developer extension for Firefox for a couple of years but recently MS caught up and release the DevToolBar for IE. (I still think the Firefox plugin is much better, but at least users of IE have something.) Both of these extensions offer validation for the page you are currently viewing. Because my dev server is not publicly available I choose the Validate Local HTML option. What this does is it saves a local copy of the HTML you are viewing and uploads it to the W3C Markup Validation Service.

I've found this process of validation invaluable as it often leads me to other problems in the code. (I discovered two additional bugs this morning. The first, incorrect img tag attributes, was the result of some bad CF code. The second, inconsistent rendering of the frame borders between browsers, was just a result of bad HTML.) Basically this validation process serves as another quality assurance procedure.

It's also worth noting that these tools also offer the ability to validate your CSS. This is another great way to help produce quality code.

BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.