ColdFusion 10 contains a few new security methods (encodeForHTML, encodeForURL, etc.) as well as the canonicalize method, which are drawn from the ESAPI (Enterprise Security API) .jar file included in the installation. Whilst CF8 and CF9 do not have these methods exposed as native functions, they DO contain the ESAPI.jar file. ESAPI was included in ColdFusion as a hotfix for 8 and 8.0.1 (ESAPI 1.4), and ColdFusion 9 and 9.0.1 (ESAPI 2 RC). This means we can instantiate the Java library and still use these security features:
The ESAPI components and libraries are incredibly detailed and feature-rich and much more can be achieved with them, but the above code will help you instantiate the objects and use the encoding methods in earlier versions of ColdFusion (8 and 9).
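A sketch of that instantiation for ColdFusion 8/9, added here as an example and not the code from the original post. It assumes the ESAPI hotfix jar and its configuration are already on the ColdFusion classpath; the sample input strings and variable names are constructed for illustration.

```cfml
<cfscript>
// Added example: reach the bundled ESAPI encoder through Java on CF8/CF9.
// Assumption: the ESAPI jar shipped with the hotfix is on the classpath.
esapi   = createObject("java", "org.owasp.esapi.ESAPI");
encoder = esapi.encoder();

// Constructed sample input (not from the original post).
userInput = '<script>alert("xss")</script>';

// Pick the encoder that matches the context the value is written into.
htmlSafe = encoder.encodeForHTML(userInput);          // element content
attrSafe = encoder.encodeForHTMLAttribute(userInput); // attribute value
jsSafe   = encoder.encodeForJavaScript(userInput);    // JavaScript string
urlSafe  = encoder.encodeForURL(userInput);           // URL parameter value

// canonicalize() reduces encoded input to its simplest form so validation
// sees what a downstream decoder would see.
// Constructed sample: "<" and ">" URL-encoded twice (%253C -> %3C -> <).
doubleEncoded = "%253Cscript%253E";

// Non-strict mode: decode fully and return the result.
// javaCast() is needed so ColdFusion passes a real Java boolean.
canonical = encoder.canonicalize(doubleEncoded, javaCast("boolean", false));

// Strict mode: multiple or mixed encoding is treated as an attack and
// ESAPI throws an IntrusionException instead of returning a value.
rejected = false;
try {
    encoder.canonicalize(doubleEncoded, javaCast("boolean", true));
} catch (any e) {
    rejected = true;
}

writeOutput("HTML: " & htmlSafe & "<br>");
writeOutput("Attribute: " & attrSafe & "<br>");
// Show the JS and URL forms as text, so encode them again for HTML display.
writeOutput("JavaScript: " & encoder.encodeForHTML(jsSafe) & "<br>");
writeOutput("URL: " & encoder.encodeForHTML(urlSafe) & "<br>");
// The canonical form is raw markup again, so encode it before output.
writeOutput("Canonical: " & encoder.encodeForHTML(canonical) & "<br>");
writeOutput("Strict mode rejected input: " & rejected);
</cfscript>
```

Canonicalize before validating and encode at the point of output; canonicalized data is decoded data and must never be written to the page as-is.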
I have also added the canonicalize method to my forked repository of the CFML Security project created by Pete Freitag / Foundeo last week.
You can download the fork from https://github.com/coldfumonkeh/cfml-security