org.springframework.web.util

Class HtmlUtils

  • java.lang.Object
    • org.springframework.web.util.HtmlUtils


  • public abstract class HtmlUtils
    extends java.lang.Object
    Utility class for HTML escaping. Escapes and unescapes based on the W3C HTML 4.01 recommendation, handling character entity references.

    Reference: http://www.w3.org/TR/html4/charset.php

    For a comprehensive set of String escaping utilities, consider Apache Commons Lang and its StringEscapeUtils class. We are not using that class here to avoid a runtime dependency on Commons Lang just for HTML escaping. Furthermore, Spring's HTML escaping is more flexible and 100% HTML 4.0 compliant.

    Since:
    01.03.2003
    Author:
    Juergen Hoeller, Martin Kersten, Craig Andrews
    • Constructor Summary

      Constructors 
      Constructor and Description
      HtmlUtils() 
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method and Description
      static java.lang.String htmlEscape(java.lang.String input)
      Turn special characters into HTML character references.
      static java.lang.String htmlEscape(java.lang.String input, java.lang.String encoding)
      Turn special characters into HTML character references.
      static java.lang.String htmlEscapeDecimal(java.lang.String input)
      Turn special characters into HTML character references.
      static java.lang.String htmlEscapeDecimal(java.lang.String input, java.lang.String encoding)
      Turn special characters into HTML character references.
      static java.lang.String htmlEscapeHex(java.lang.String input)
      Turn special characters into HTML character references.
      static java.lang.String htmlEscapeHex(java.lang.String input, java.lang.String encoding)
      Turn special characters into HTML character references.
      static java.lang.String htmlUnescape(java.lang.String input)
      Turn HTML character references into their plain text UNICODE equivalent.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • HtmlUtils

        public HtmlUtils()
    • Method Detail

      • htmlEscape

        public static java.lang.String htmlEscape(java.lang.String input)
        Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

        Escapes all special characters to their corresponding entity reference (e.g. <).

        Reference: http://www.w3.org/TR/html4/sgml/entities.php

        Parameters:
        input - the (unescaped) input string
        Returns:
        the escaped string
      • htmlEscape

        public static java.lang.String htmlEscape(java.lang.String input,
                                                  java.lang.String encoding)
        Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

        Escapes all special characters to their corresponding entity reference (e.g. <) at least as required by the specified encoding. In other words, if a special character does not have to be escaped for the given encoding, it may not be.

        Reference: http://www.w3.org/TR/html4/sgml/entities.php

        Parameters:
        input - the (unescaped) input string
        encoding - the name of a supported charset
        Returns:
        the escaped string
        Since:
        4.1.2
      • htmlEscapeDecimal

        public static java.lang.String htmlEscapeDecimal(java.lang.String input)
        Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

        Escapes all special characters to their corresponding numeric reference in decimal format (&#Decimal;).

        Reference: http://www.w3.org/TR/html4/sgml/entities.php

        Parameters:
        input - the (unescaped) input string
        Returns:
        the escaped string
      • htmlEscapeDecimal

        public static java.lang.String htmlEscapeDecimal(java.lang.String input,
                                                         java.lang.String encoding)
        Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

        Escapes all special characters to their corresponding numeric reference in decimal format (&#Decimal;) at least as required by the specified encoding. In other words, if a special character does not have to be escaped for the given encoding, it may not be.

        Reference: http://www.w3.org/TR/html4/sgml/entities.php

        Parameters:
        input - the (unescaped) input string
        encoding - the name of a supported charset
        Returns:
        the escaped string
        Since:
        4.1.2
      • htmlEscapeHex

        public static java.lang.String htmlEscapeHex(java.lang.String input)
        Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

        Escapes all special characters to their corresponding numeric reference in hex format (&#xHex;).

        Reference: http://www.w3.org/TR/html4/sgml/entities.php

        Parameters:
        input - the (unescaped) input string
        Returns:
        the escaped string
      • htmlEscapeHex

        public static java.lang.String htmlEscapeHex(java.lang.String input,
                                                     java.lang.String encoding)
        Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

        Escapes all special characters to their corresponding numeric reference in hex format (&#xHex;) at least as required by the specified encoding. In other words, if a special character does not have to be escaped for the given encoding, it may not be.

        Reference: http://www.w3.org/TR/html4/sgml/entities.php

        Parameters:
        input - the (unescaped) input string
        encoding - the name of a supported charset
        Returns:
        the escaped string
        Since:
        4.1.2
      • htmlUnescape

        public static java.lang.String htmlUnescape(java.lang.String input)
        Turn HTML character references into their plain text UNICODE equivalent.

        Handles complete character set defined in HTML 4.01 recommendation and all reference types (decimal, hex, and entity).

        Correctly converts the following formats:

        &#Entity; - (Example: &) case sensitive &#Decimal; - (Example: D)
        &#xHex; - (Example: å) case insensitive
        Gracefully handles malformed character references by copying original characters as is when encountered.

        Reference: http://www.w3.org/TR/html4/sgml/entities.php

        Parameters:
        input - the (escaped) input string
        Returns:
        the unescaped string