ColdFusion has a problem dealing with XFN. When using ColdFusion client side validation invoked by <cfinput required="yes" />
. ColdFusion should generate JavaScript to validate the form on submission. This typically should be between in the <head />
somewhere. When using the profile
attribute of the head tag <head profile="http://gmpg.org/xfn/11" >
for XFN, ColdFusion apparently doesn’t detect a <head />
tag, and therefore dumps the contents above the <html>
tag. This is wrong for two reasons:
- profile is a valid attribute for the
<head>
tag [HTML4 7.4.1]
- The
<script/>
is allowed in the <head>
or <body>. If the
<head>
does not exist, it should likely default to the top of the body tag as a second choice [HTML4 18.2.1]
Sample code to illustrate bug:
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!– with the profile attribute –>
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Show Bug</title>
</head>
<body>
<cfform action="null">
<cfinput type="text" name="foo" required="yes" message="this page has the bug" />
<input type="submit" name="do_submit" value="Submit" />
</cfform>
</body>
</html>
Does not show the bug:
Notice no profile=""
in the <head>
tag.
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!– now without the profile attribute –>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Show Bug</title>
</head>
<body>
<cfform action="null">
<cfinput type="text" name="foo" required="yes" message="this page has the bug" />
<input type="submit" name="do_submit" value="Submit" />
</cfform>
</body>
</html>
Ideally, ColdFusion would sniff the DOCTYPE and generate the appropriate output, for it’s JavaScript in XHTML using a CDATA.
<script type="text/javascript">
< ![CDATA[
… unescaped script content …
]]>
</script>
but perhaps that’s asking to much.
FYI the server that demonstrated this is running:
server.ColdFusion.ProductLevel = Enterprise
server.ColdFusion.ProductName = ColdFusion Server
server.ColdFusion.ProductVersion = 7,0,0,91690
server.OS.AdditionalInformation =
server.OS.BuildNumber =
server.OS.Name = Windows 2003
server.OS.Version = 5.2