Problem
ColdFusion's URLEncodedFormat() function does not strictly follow RFC 3986. Mostly it is adequate, but occasionally, strict compliance is required.
Solution
Use ColdFusion's ReplaceList() function to "correct" the errors made by URLEncodedFormat() to produce an RFC 3986 compliant URL encoded string.
Detailed explanation
The encoding scheme used by ColdFusion's URLEncodedFormat() function is not strictly compliant with RFC 3986, the Internet standards document that describes the encoding of URLs.
URLEncodedFormat() encodes all non-alphanumeric characters, including some that RFC 3986 specifies should not be encoded. These are "." (period/dot), "-" (hypen/minus), "_" (underscore) and "~" (tilde).
In many cases this does not cause any problems at all, but there are occasions when strict RFC 3986 compliance is necessary, such as encoding a URL for a digitally signed request.
In order to undo the unwanted substitutions made by URLEncodedFormat(), we can use another ColdFusion function, ReplaceList(), where "string" is the string to encode:
<cfset string = replacelist(urlencodedformat(string), "%2D,%2E,%5F,%7E", "-,.,_,~")>
+
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Permissions beyond the scope of this license, pertaining to the examples of code included within this work are available at Adobe.
