1.) ColdFusion HTMLEDITFORMAT on HTML form field values
First off, let me give an example of what can happen if you don't use HTMLEDITFORMAT on data that is either redisplayed from user input or read directly from a database.
Trusting user input is not only unsafe but can also lead to strange formatting issues when someone has quotation marks in their text (and you are using quotation marks in your HTML input attributes).
Rule of thumb: always use it to wrap all ColdFusion dynamic data in HTML inputs.
<input type="text" value="#htmleditformat(variables.dbData)#"/>
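The quotation-mark problem described above, as an added example (not code from the original post): it renders the same field with and without HTMLEditFormat and prints the generated markup beneath each field so the difference can be read on the page. The sample value and the names variables.rawMarkup and variables.safeMarkup are assumptions made for the illustration.

```cfml
<!--- Added example. Constructed sample value standing in for text read back
      from a form post or a database column. --->
<cfset variables.dbData = 'Robert "Bob" Smith & Sons'>

<!--- Before: the value is written into the attribute as-is, so the first
      quotation mark in the data ends the value attribute early. --->
<cfsavecontent variable="variables.rawMarkup"><cfoutput>
<input type="text" name="company" value="#variables.dbData#"/>
</cfoutput></cfsavecontent>

<!--- After: HTMLEditFormat escapes ", <, > and & as character entities,
      so the whole string stays inside the double-quoted attribute.
      It does not escape the apostrophe, so keep the attribute double-quoted. --->
<cfsavecontent variable="variables.safeMarkup"><cfoutput>
<input type="text" name="company" value="#HTMLEditFormat(variables.dbData)#"/>
</cfoutput></cfsavecontent>

<!--- Show each field as the browser renders it, followed by the markup
      that produced it (escaped so it displays as text). --->
<cfoutput>
<h3>Without HTMLEditFormat</h3>
#variables.rawMarkup#
<pre>#HTMLEditFormat(variables.rawMarkup)#</pre>

<h3>With HTMLEditFormat</h3>
#variables.safeMarkup#
<pre>#HTMLEditFormat(variables.safeMarkup)#</pre>
</cfoutput>
```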
2.) ColdFusion 'output=false' on cfcomponent tag and all cffunction tags within a component
Trying to debug this issue can be a nightmare, so just always set output=false.
Your cfcomponent and cffunction tags both have the 'output' attribute, and it should be set to 'false' if you're not returning data to the page (which you should limit the display from a cfc method anyway).
If you're like us and use Eclipse/CFEclipse, then have this in your snippet for the creation of functions, and you will never have to try and hunt down a single-space issue in your application again.
document.location.href="index.cfm?page=x.y&firstname=" + escape(x)