org.springframework.web.util

Class HtmlUtils

java.lang.Object

org.springframework.web.util.HtmlUtils

public abstract class HtmlUtils
extends Object

Utility class for HTML escaping. Escapes and unescapes based on the W3C HTML 4.01 recommendation, handling character entity references.

Reference: http://www.w3.org/TR/html4/charset.html

For a comprehensive set of String escaping utilities, consider Apache Commons Lang and its StringEscapeUtils class. We are not using that class here to avoid a runtime dependency on Commons Lang just for HTML escaping. Furthermore, Spring's HTML escaping is more flexible and 100% HTML 4.0 compliant.

Since:

01.03.2003

Author:

Juergen Hoeller, Martin Kersten, Craig Andrews

Constructor Summary

Constructors

Constructor and Description
HtmlUtils()

Method Summary

Modifier and Type	Method and Description
static String	htmlEscape(String input) Turn special characters into HTML character references.
static String	htmlEscape(String input, String encoding) Turn special characters into HTML character references.
static String	htmlEscapeDecimal(String input) Turn special characters into HTML character references.
static String	htmlEscapeDecimal(String input, String encoding) Turn special characters into HTML character references.
static String	htmlEscapeHex(String input) Turn special characters into HTML character references.
static String	htmlEscapeHex(String input, String encoding) Turn special characters into HTML character references.
static String	htmlUnescape(String input) Turn HTML character references into their plain text UNICODE equivalent.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HtmlUtils

public HtmlUtils()

Method Detail

htmlEscape

public static String htmlEscape(String input)

Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

Escapes all special characters to their corresponding entity reference (e.g. <).

Reference: http://www.w3.org/TR/html4/sgml/entities.html

Parameters:

input - the (unescaped) input string

Returns:

the escaped string

htmlEscape

public static String htmlEscape(String input,
                                String encoding)

Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

Escapes all special characters to their corresponding entity reference (e.g. <) at least as required by the specified encoding. In other words, if a special character does not have to be escaped for the given encoding, it may not be.

Reference: http://www.w3.org/TR/html4/sgml/entities.html

Parameters:

input - the (unescaped) input string

encoding - the name of a supported charset

Returns:

the escaped string

Since:

4.1.2

htmlEscapeDecimal

public static String htmlEscapeDecimal(String input)

Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

Escapes all special characters to their corresponding numeric reference in decimal format (&#Decimal;).

Reference: http://www.w3.org/TR/html4/sgml/entities.html

Parameters:

input - the (unescaped) input string

Returns:

the escaped string

htmlEscapeDecimal

public static String htmlEscapeDecimal(String input,
                                       String encoding)

Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

Escapes all special characters to their corresponding numeric reference in decimal format (&#Decimal;) at least as required by the specified encoding. In other words, if a special character does not have to be escaped for the given encoding, it may not be.

Reference: http://www.w3.org/TR/html4/sgml/entities.html

Parameters:

input - the (unescaped) input string

encoding - the name of a supported charset

Returns:

the escaped string

Since:

4.1.2

htmlEscapeHex

public static String htmlEscapeHex(String input)

Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

Escapes all special characters to their corresponding numeric reference in hex format (&#xHex;).

Reference: http://www.w3.org/TR/html4/sgml/entities.html

Parameters:

input - the (unescaped) input string

Returns:

the escaped string

htmlEscapeHex

public static String htmlEscapeHex(String input,
                                   String encoding)

Turn special characters into HTML character references. Handles complete character set defined in HTML 4.01 recommendation.

Escapes all special characters to their corresponding numeric reference in hex format (&#xHex;) at least as required by the specified encoding. In other words, if a special character does not have to be escaped for the given encoding, it may not be.

Reference: http://www.w3.org/TR/html4/sgml/entities.html

Parameters:

input - the (unescaped) input string

encoding - the name of a supported charset

Returns:

the escaped string

Since:

4.1.2

htmlUnescape

public static String htmlUnescape(String input)

Turn HTML character references into their plain text UNICODE equivalent.

Handles complete character set defined in HTML 4.01 recommendation and all reference types (decimal, hex, and entity).

Correctly converts the following formats:

&#Entity; - (Example: &) case sensitive &#Decimal; - (Example: D)
&#xHex; - (Example: å) case insensitive

Gracefully handles malformed character references by copying original characters as is when encountered.

Reference: http://www.w3.org/TR/html4/sgml/entities.html

Parameters:

input - the (escaped) input string

Returns:

the unescaped string