DEV Community

James Moberg

Sanitizing console.log from HTML using ColdFusion Regex

I have some ColdFusion applications that contain JavaScript console.log debugging. In many cases, I didn't want to remove the code as it is beneficial for internal developers, but it didn't make sense for it to be displaying messages for the general public. Instead of adding CFIF tags around every usage, I determined that it may be a good idea to use regex to sanitize it.

I initially tried removing the logging and/or replacing it with a comment, but this didn't seem to work correctly in every context. I decided to set it to a local dummy variable so that it wouldn't do any harm during post-processing. We use jsoup to manage the order of JS/CSS loading and add pre-configured CSP rules based on content. In addition, we may use IIS Webspeed (PageSpeed for IIS) to reduce whitespace and optimize CSS/JS/images. (PageSpeed automatically removes comments and reduces JS, so I'm hoping it will reduce multiple redundant variables to a single variable.)

Using the removeLogging() UDF, I can now determine how the web application is being accessed (developer vs non-developer) and remove the console debugging for non-developer visitors. This has been tested using CF2016.

Source Code

<cfscript>
/* 2/3/2020 removeLogging - removes console.log debugging from HTML fragment. (Tested w/ACF2016)
   Safely replace debugging w/trivial variable assignment. (Removing or replacing with a comment may not work in every context.)
   James Moberg - https://www.sunstarmedia.com/
   TryCF: https://trycf.com/gist/fee255d6cbdf444e04dfda6a944e56b1
   Blog: https://dev.to/gamesover/sanitizing-console-log-from-html-using-coldfusion-regex-m3b
*/
string function removeLogging(required string inputString, string replacementText="ignored"){
    // Fall back to the default variable name when an empty replacement is passed.
    if (len(trim(arguments.replacementText)) IS 0){
        arguments.replacementText = "ignored";
    }
    // Lazily match each console.<method>( ... ); call, including multi-line arguments,
    // and replace it with a harmless variable declaration.
    // \s* before the semicolon lets "console.log( x ) ;" match on its own instead of running on to the next ");".
    // replacementText is placed in the replaceAll() replacement string, where Java treats "$" and "\" specially.
    return javacast("string", arguments.inputString).replaceAll("(?m)console\.(assert|clear|count|debug|dir|dirxml|error|exception|group|groupCollapsed|groupEnd|info|log|markTimeline|profile|profileEnd|table|time|timeEnd|timeStamp|trace|warn)\(([\s\S.]*?)\)\s*;", "var #arguments.replacementText#;");
}
</cfscript>
<cfsavecontent variable="SampleHTML">
<script>
var a = location;
function foo(){return new Date};
function bar(){return location.href};
console.log('TEST2', new Date);
console.log('hello: ' + foo(), bar());
console.log('TEST VARS', a, new Date);
console.info("TEST INFO", "this is info");
console.warn("TEST WARN", "this is a warning");
console.error("TEST ERROR", "this is an error");
console.table("TEST TABLE", a);
// console.clear();
/* console.log($('#zipSearch').select2('data'), new Date); */
console.log(Math.abs(-123), new Date);
console.log( "spaces" ) ;
console.log('clicked', b2, b2.is(':checked'), new Date);
console.log(
"Multi",
"line"
);
console.log('components.stringify()', JSON.stringify(a));
console.log("abc;123");
//console.log('hello', new Date);
</script>
</cfsavecontent>
<cfoutput>
<div style="display:table;">
    <div style="display:table-cell;">
        <h2>SampleHTML</h2>
        <xmp>#SampleHTML#</xmp>
    </div>
    <div style="display:table-cell;">
        <h2>removeLogging(SampleHTML)</h2>
        <xmp>#removeLogging(SampleHTML)#</xmp>
    </div>
</div>
</cfoutput>

TryCF.com Demo

https://trycf.com/gist/fee255d6cbdf444e04dfda6a944e56b1
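
Because the replacement works on text rather than parsed JavaScript, it helps to check that the rewritten script still compiles and that no neighbouring statement was swallowed. The following is an added example, not code from the post: a JavaScript port of the pattern (allowing whitespace before the closing semicolon) run over constructed snippets. The names `audit`, `parses`, `CASES` and `runAudit` are invented here.

```javascript
// Added example (not from the post): JavaScript port of the post's console.* pattern.
// The port allows whitespace between ")" and ";". All inputs below are constructed.
const METHODS = "assert|clear|count|debug|dir|dirxml|error|exception|group|" +
  "groupCollapsed|groupEnd|info|log|markTimeline|profile|profileEnd|table|" +
  "time|timeEnd|timeStamp|trace|warn";
const PATTERN = new RegExp("console\\.(" + METHODS + ")\\(([\\s\\S.]*?)\\)\\s*;", "g");

function removeLogging(input, replacementText = "ignored") {
  // Function replacer: "$" in replacementText is not treated as a group reference.
  return input.replace(PATTERN, () => "var " + replacementText + ";");
}

// Compile only: new Function() parses the body and never runs it.
function parses(js) {
  try { new Function(js); return true; } catch (e) { return false; }
}

// Classify one snippet as "ok", "broken-syntax", or "dropped-code"
// (a statement listed in mustKeep was swallowed by the lazy match).
function audit(src, mustKeep = []) {
  const out = removeLogging(src);
  if (!parses(out)) return { out, status: "broken-syntax" };
  if (mustKeep.some((s) => !out.includes(s))) return { out, status: "dropped-code" };
  return { out, status: "ok" };
}

const CASES = [
  { name: "plain call", src: "console.log('a', 1);\nsave();", mustKeep: ["save();"] },
  { name: "paren-semicolon in string", src: "console.log('done);', 1);" },
  { name: "expression context", src: "var ok = true; ok && console.warn('x');" },
  { name: "arrow callback", src: "[1].forEach(i => console.log(i));" },
  { name: "no semicolon", src: "console.log('a')\nsave();", mustKeep: ["save();"] },
];

function runAudit() {
  return CASES.map((c) => ({ name: c.name, ...audit(c.src, c.mustKeep) }));
}

for (const r of runAudit()) console.log(r.status.padEnd(14), r.name);
```

Only the first case survives intact; the "no semicolon" case still compiles but silently loses the `save();` call, which a syntax check alone would not catch.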
