Monday, March 29, 2010

XML (wddx) in HTML form data

Is it possible when submitting a form to a ColdFusion server
to keep form data from being fully decoded?



My application has the basic architecture of an interface
page and a submission page.



In the interface page: The form onSubmit event calls
JavaScript that reads all of the form elements and packages them
into a structure and serializes them into a WDDX string. I wrote
the JavaScript to WDDX serializer and transform &, ', ", >,
and < into the corresponding XML entities. A single form element
is set to the WDDX string and the form submission continues.



On the submission page: The WDDX string is deserialized and
some checks are done and a database stored proc is executed. In one
condition, the submitted request is saved to the database and all
works fine for all WDDX/XML values. In the second case, the user is
requested to confirm that they want to overwrite current database
data. The WDDX/XML is placed in a hidden form field. When the user
confirms the overwrite, the form calls back to the submission page.
This is where the problem lies. If the WDDX/XML data in the hidden
form field contains character entities (e.g. &amp; &quot;),
they are translated back to their literal (&, ") and then
cfwddx errors out because those characters are illegal in WDDX/XML.
I understand that the XML string has to be encoded for the HTTP
POST, but why is it not decoded back to how it appears in the form?



I did a simpler test just to isolate the problem and the
simple example below illustrates the problem. If you enter the
string "&amp;" in the form and submit it, & is printed.
This doesn't seem correct.



<cfif isdefined("inputString")>
<cfoutput>#inputString#</cfoutput>
</cfif>

<form method="POST">
<textarea name="inputString"></textarea>
<input type="submit">
</form>

The example you gave works fine on my machine. Are you
viewing the source code to see what the real response is? IE will
translate a &amp; in the HTML into "&" on screen.

I should also mention that we do a fair amount with WDDX
(passing it in hidden form fields, etc) and we haven't noticed a
problem with character entities.

Thanks for your reply. You are right, I didn't check my
example carefully. That works correctly. But I can confirm that my
actual problem was accurate. If the request contains data with
&, <, >, ', " chars, something like the attached code works
only if the original request does not already exist. If the user is
required to use the generated confirmation form, the cfwddx tag
throws an error because submitting the form decodes the character
entities before the cfwddx call. I look at the source and the value
of the hidden field contains &amp;, but if I print the
wddxString out before the cfwddx call, it contains & in the
source when the confirmation is submitted. I "fixed" it by using
URLEncodedFormat() and URLDecode() on the wddxString.
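
The confirmation-form round trip discussed in this thread, as an added example that is not part of the original posts: Python's html.parser stands in for the browser's HTML parser, and html.escape for an HTML-escaping step applied when the hidden field is written. The packet contents and the form markup are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Constructed WDDX packet; its string value holds XML character entities.
WDDX = ("<wddxPacket version='1.0'><header/><data>"
        "<string>Tom &amp; Jerry &lt;draft&gt;</string></data></wddxPacket>")


class HiddenFieldReader(HTMLParser):
    """Collects hidden input values as an HTML parser hands them over."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden":
            # Character references in the attribute value are already
            # decoded here, which is what gets submitted with the form.
            self.fields[a.get("name")] = a.get("value")


def confirmation_form(packet, escape):
    """Render the hidden field, raw or HTML-escaped."""
    value = html.escape(packet, quote=True) if escape else packet
    return ('<form method="POST"><input type="hidden" '
            f'name="wddxString" value="{value}"></form>')


def is_well_formed(xml_text):
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def round_trip(escape):
    """Return (value the server receives, whether it still parses as XML)."""
    reader = HiddenFieldReader()
    reader.feed(confirmation_form(WDDX, escape))
    reader.close()
    value = reader.fields["wddxString"]
    return value, is_well_formed(value)


if __name__ == "__main__":
    for escape in (False, True):
        print("escaped" if escape else "raw", round_trip(escape))
```

In CFML, the corresponding escaping step is HTMLEditFormat() around the value when the hidden field is written.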


