Encrypt() is messing up my anchor

[spacehog]

I am trying to use encrypt() to obscure data being passed over the URL scope.
The encryption is working but when I place the encrypted variable in an anchor
tag, CF gets confused as to what should be shown.

Example:

<cfset encInfo = #encrypt(query.value)#>
<a href="someWebPage.htm?var=#variables.encInfo#">Tex t to be seen</a>

Instead of having a link that says, "Text to be seen", I get "@53! > Text to
be seen"

The anchor tag seems to be seeing some of the encrypted data and using it in
the tag. Does anybody know why this is happening?

[Defuse]

Are you decrypting it somewhere? If you encrypt() anything, a variable, a
string - whatever, and you place that value into the "a href" you're going to
get the encrypted value. So using your example:

<cfset encInfo = #encrypt(query.value)#>
<a href="someWebPage.htm?var=#variables.encInfo#">Tex t to be seen</a>

Let's say that query.value is "bob" and now that it's encrypted, it would be
%$Rfsx or something. If you don't decrypt it and you put into your tag like you
have it, then it's going to show the encrypted value and not "bob". Unless I'm
missing something here, you'll have to decrypt it at some point so that the "a
href" can see the actual value.

[spacehog]

I am trying to place the encrypted value into the anchor (I will decrypt it on
the other side), but the encrypt function can contain quotations. So when you
put encrypted data into an anchor <a href=""></a> the quotes in the encrypted
value interfere with the tag.

Is there a way to prevent quotes from being used?

[Adam Cameron]

> I am trying to use encrypt() to obscure data being passed over the URL scope.

> The encryption is working but when I place the encrypted variable in an anchor
> tag, CF gets confused as to what should be shown.

You'll need to URL encode the string before passing it on the URL. As
you've discovered, not all characters are legal in a URL (or only allowed
once, or in a certain position, etc).
--

Adam