public class EscapeUtils extends Object
| Modifier and Type | Class and Description |
|---|---|
static class |
EscapeUtils.Builder
Convenience wrapper for
StringBuilder providing escape methods. |
| Constructor and Description |
|---|
EscapeUtils()
EscapeUtils instances should NOT be constructed in
standard programming. |
| Modifier and Type | Method and Description |
|---|---|
static EscapeUtils.Builder |
builder(CharSequenceTranslator translator)
Get a
EscapeUtils.Builder. |
static String |
escapeEcmaScript(String input)
Escapes the characters in a
String using EcmaScript String rules. |
static String |
escapeHtml3(String input)
Escapes the characters in a
String using HTML entities. |
static String |
escapeHtml4(String input)
Escapes the characters in a
String using HTML entities. |
static String |
escapeJava(String input)
Escapes the characters in a
String using Java String rules. |
static String |
escapeJson(String input)
Escapes the characters in a
String using Json String rules. |
static String |
escapeXml10(String input)
Escapes the characters in a
String using XML entities. |
static String |
escapeXml11(String input)
Escapes the characters in a
String using XML entities. |
static String |
escapeXSI(String input)
Escapes the characters in a
String using XSI rules. |
static String |
unescapeEcmaScript(String input)
Unescapes any EcmaScript literals found in the
String. |
static String |
unescapeHtml3(String input)
Unescapes a string containing entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static String |
unescapeHtml4(String input)
Unescapes a string containing entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static String |
unescapeJava(String input)
Unescapes any Java literals found in the
String. |
static String |
unescapeJson(String input)
Unescapes any Json literals found in the
String. |
static String |
unescapeXml(String input)
Unescapes a string containing XML entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static String |
unescapeXSI(String input)
Unescapes the characters in a
String using XSI rules. |
public EscapeUtils()
EscapeUtils instances should NOT be constructed in
standard programming.
Instead, the class should be used as:
EscapeUtils.escapeJava("foo");
This constructor is public to permit tools that require a JavaBean instance to operate.
public static EscapeUtils.Builder builder(CharSequenceTranslator translator)
EscapeUtils.Builder.translator - the text translatorEscapeUtils.Builderpublic static final String escapeJava(String input)
Escapes the characters in a String using Java String rules.
Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\' and
't'.
The only difference between Java strings and JavaScript strings is that in JavaScript, a single quote and forward-slash (/) are escaped.
Example:
input string: He didn't say, "Stop!" output string: He didn't say, \"Stop!\"
input - String to escape values in, may be nullnull if null string inputpublic static final String escapeEcmaScript(String input)
Escapes the characters in a String using EcmaScript String rules.
Escapes any values it finds into their EcmaScript String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\' and
't'.
The only difference between Java strings and EcmaScript strings is that in EcmaScript, a single quote and forward-slash (/) are escaped.
Note that EcmaScript is best known by the JavaScript and ActionScript dialects.
Example:
input string: He didn't say, "Stop!" output string: He didn\'t say, \"Stop!\"Security Note. We only provide backslash escaping in this method. For example,
'\"' has the output
'\\\"' which could result in potential issues in the case where the string being escaped is being used
in an HTML tag like <select onmouseover="..." />. If you wish to have more rigorous string escaping, you
may consider the
ESAPI Libraries.
Further, you can view the ESAPI GitHub Org.input - String to escape values in, may be nullnull if null string inputpublic static final String escapeJson(String input)
Escapes the characters in a String using Json String rules.
Escapes any values it finds into their Json String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\' and
't'.
The only difference between Java strings and Json strings is that in Json, forward-slash (/) is escaped.
See http://www.ietf.org/rfc/rfc4627.txt for further details.
Example:
input string: He didn't say, "Stop!" output string: He didn't say, \"Stop!\"
input - String to escape values in, may be nullnull if null string inputpublic static final String unescapeJava(String input)
Unescapes any Java literals found in the String.
For example, it will turn a sequence of '\' and
'n' into a newline character, unless the '\'
is preceded by another '\'.
input - the String to unescape, may be nullString, null if null string inputpublic static final String unescapeEcmaScript(String input)
Unescapes any EcmaScript literals found in the String.
For example, it will turn a sequence of '\' and 'n'
into a newline character, unless the '\' is preceded by another
'\'.
input - the String to unescape, may be nullString, null if null string inputunescapeJava(String)public static final String unescapeJson(String input)
Unescapes any Json literals found in the String.
For example, it will turn a sequence of '\' and 'n'
into a newline character, unless the '\' is preceded by another
'\'.
input - the String to unescape, may be nullString, null if null string inputunescapeJava(String)public static final String escapeHtml4(String input)
Escapes the characters in a String using HTML entities.
For example:
"bread" & "butter"
"bread" & "butter".
Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported).
input - the String to escape, may be nullString, null if null string inputpublic static final String escapeHtml3(String input)
Escapes the characters in a String using HTML entities.
Supports only the HTML 3.0 entities.
input - the String to escape, may be nullString, null if null string inputpublic static final String unescapeHtml4(String input)
Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports HTML 4.0 entities.
For example, the string "<Français>"
will become "<Fran�ais>"
If an entity is unrecognized, it is left alone, and inserted
verbatim into the result string. e.g. ">&zzzz;x" will
become ">&zzzz;x".
input - the String to unescape, may be nullString, null if null string inputpublic static final String unescapeHtml3(String input)
Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports only HTML 3.0 entities.
input - the String to unescape, may be nullString, null if null string inputpublic static String escapeXml10(String input)
Escapes the characters in a String using XML entities.
For example: "bread" & "butter" =>
"bread" & "butter".
Note that XML 1.0 is a text-only format: it cannot represent control
characters or unpaired Unicode surrogate codepoints, even after escaping.
escapeXml10 will remove characters that do not fit in the
following ranges:
#x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
Though not strictly necessary, escapeXml10 will escape
characters in the following ranges:
[#x7F-#x84] | [#x86-#x9F]
The returned string can be inserted into a valid XML 1.0 or XML 1.1
document. If you want to allow more non-text characters in an XML 1.1
document, use escapeXml11(String).
input - the String to escape, may be nullString, null if null string inputunescapeXml(String)public static String escapeXml11(String input)
Escapes the characters in a String using XML entities.
For example: "bread" & "butter" =>
"bread" & "butter".
XML 1.1 can represent certain control characters, but it cannot represent
the null byte or unpaired Unicode surrogate codepoints, even after escaping.
escapeXml11 will remove characters that do not fit in the following
ranges:
[#x1-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
escapeXml11 will escape characters in the following ranges:
[#x1-#x8] | [#xB-#xC] | [#xE-#x1F] | [#x7F-#x84] | [#x86-#x9F]
The returned string can be inserted into a valid XML 1.1 document. Do not use it for XML 1.0 documents.
input - the String to escape, may be nullString, null if null string inputunescapeXml(String)public static final String unescapeXml(String input)
Unescapes a string containing XML entity escapes to a string containing the actual Unicode characters corresponding to the escapes.
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Note that numerical \\u Unicode codes are unescaped to their respective Unicode characters. This may change in future releases.
input - the String to unescape, may be nullString, null if null string inputescapeXml10(String),
escapeXml11(String)public static final String escapeXSI(String input)
Escapes the characters in a String using XSI rules.
Beware! In most cases you don't want to escape shell commands but use multi-argument
methods provided by ProcessBuilder or Runtime.exec(String[])
instead.
Example:
input string: He didn't say, "Stop!" output string: He\ didn\'t\ say,\ \"Stop!\"
input - String to escape values in, may be nullnull if null string inputpublic static final String unescapeXSI(String input)
Unescapes the characters in a String using XSI rules.
input - the String to unescape, may be nullString, null if null string inputescapeXSI(String)Copyright © 2019. All rights reserved.