public final class HtmlEscape extends Object
Utility class for performing HTML escape/unescape operations.
Configuration of escape/unescape operationsEscape operations can be (optionally) configured by means of:
HtmlEscapeLevel
enum.HtmlEscapeType
enum.Unescape operations need no configuration parameters. Unescape operations will always perform complete unescape of NCRs (whole HTML5 set supported), decimal and hexadecimal references.
FeaturesSpecific features of the HTML escape/unescape operations performed by means of this class:
There are two different input/output modes that can be used in escape/unescape operations:
The following references apply:
Modifier and Type | Method and Description |
---|---|
static void |
escapeHtml(char[] text,
int offset,
int len,
Writer writer,
HtmlEscapeType type,
HtmlEscapeLevel level)
Perform a (configurable) HTML escape operation on a char[] input.
|
static String |
escapeHtml(String text,
HtmlEscapeType type,
HtmlEscapeLevel level)
Perform a (configurable) HTML escape operation on a String input.
|
static void |
escapeHtml4(char[] text,
int offset,
int len,
Writer writer)
Perform an HTML 4 level 2 (result is ASCII) escape operation on a char[] input.
|
static String |
escapeHtml4(String text)
Perform an HTML 4 level 2 (result is ASCII) escape operation on a String input.
|
static void |
escapeHtml4Xml(char[] text,
int offset,
int len,
Writer writer)
Perform an HTML 4 level 1 (XML-style) escape operation on a char[] input.
|
static String |
escapeHtml4Xml(String text)
Perform an HTML 4 level 1 (XML-style) escape operation on a String input.
|
static void |
escapeHtml5(char[] text,
int offset,
int len,
Writer writer)
Perform an HTML5 level 2 (result is ASCII) escape operation on a char[] input.
|
static String |
escapeHtml5(String text)
Perform an HTML5 level 2 (result is ASCII) escape operation on a String input.
|
static void |
escapeHtml5Xml(char[] text,
int offset,
int len,
Writer writer)
Perform an HTML5 level 1 (XML-style) escape operation on a char[] input.
|
static String |
escapeHtml5Xml(String text)
Perform an HTML5 level 1 (XML-style) escape operation on a String input.
|
static void |
unescapeHtml(char[] text,
int offset,
int len,
Writer writer)
Perform an HTML unescape operation on a char[] input.
|
static String |
unescapeHtml(String text)
Perform an HTML unescape operation on a String input.
|
public static String escapeHtml5(String text)
Perform an HTML5 level 2 (result is ASCII) escape operation on a String input.
Level 2 means this method will escape:
This escape will be performed by replacing those chars by the corresponding HTML5 Named Character References (e.g. '´') when such NCR exists for the replaced character, and replacing by a decimal character reference (e.g. 'ₙ') when there there is no NCR for the replaced character.
This method calls escapeHtml(String, HtmlEscapeType, HtmlEscapeLevel)
with the following
preconfigured values:
HtmlEscapeType.HTML5_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_2_ALL_NON_ASCII_PLUS_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the String to be escaped.public static String escapeHtml5Xml(String text)
Perform an HTML5 level 1 (XML-style) escape operation on a String input.
Level 1 means this method will only escape the five markup-significant characters: <, >, &, " and '. It is called XML-style in order to link it with JSP's escapeXml attribute in JSTL's <c:out ... /> tags.
Note this method may not produce the same results as escapeHtml4Xml(String)
because
it will escape the apostrophe as ', whereas in HTML 4 such NCR does not exist
(the decimal numeric reference ' is used instead).
This method calls escapeHtml(String, HtmlEscapeType, HtmlEscapeLevel)
with the following
preconfigured values:
HtmlEscapeType.HTML5_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_1_ONLY_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the String to be escaped.public static String escapeHtml4(String text)
Perform an HTML 4 level 2 (result is ASCII) escape operation on a String input.
Level 2 means this method will escape:
This escape will be performed by replacing those chars by the corresponding HTML 4 Named Character References (e.g. '´') when such NCR exists for the replaced character, and replacing by a decimal character reference (e.g. 'ₙ') when there there is no NCR for the replaced character.
This method calls escapeHtml(String, HtmlEscapeType, HtmlEscapeLevel)
with the following
preconfigured values:
HtmlEscapeType.HTML4_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_2_ALL_NON_ASCII_PLUS_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the String to be escaped.public static String escapeHtml4Xml(String text)
Perform an HTML 4 level 1 (XML-style) escape operation on a String input.
Level 1 means this method will only escape the five markup-significant characters: <, >, &, " and '. It is called XML-style in order to link it with JSP's escapeXml attribute in JSTL's <c:out ... /> tags.
Note this method may not produce the same results as escapeHtml5Xml(String)
because
it will escape the apostrophe as ', whereas in HTML5 there is a specific NCR for
such character (').
This method calls escapeHtml(String, HtmlEscapeType, HtmlEscapeLevel)
with the following
preconfigured values:
HtmlEscapeType.HTML4_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_1_ONLY_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the String to be escaped.public static String escapeHtml(String text, HtmlEscapeType type, HtmlEscapeLevel level)
Perform a (configurable) HTML escape operation on a String input.
This method will perform an escape operation according to the specified
HtmlEscapeType
and HtmlEscapeLevel
argument values.
All other String-based escapeHtml*(...) methods call this one with preconfigured type and level values.
This method is thread-safe.
text
- the String to be escaped.type
- the type of escape operation to be performed, see HtmlEscapeType
.level
- the escape level to be applied, see HtmlEscapeLevel
.public static void escapeHtml5(char[] text, int offset, int len, Writer writer) throws IOException
Perform an HTML5 level 2 (result is ASCII) escape operation on a char[] input.
Level 2 means this method will escape:
This escape will be performed by replacing those chars by the corresponding HTML5 Named Character References (e.g. '´') when such NCR exists for the replaced character, and replacing by a decimal character reference (e.g. 'ₙ') when there there is no NCR for the replaced character.
This method calls escapeHtml(char[], int, int, java.io.Writer, HtmlEscapeType, HtmlEscapeLevel)
with the following preconfigured values:
HtmlEscapeType.HTML5_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_2_ALL_NON_ASCII_PLUS_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the char[] to be escaped.offset
- the position in text at which the escape operation should start.len
- the number of characters in text that should be escaped.writer
- the java.io.Writer to which the escaped result will be written. Nothing will
be written at all to this writer if text is null.IOException
- if an input/output exception occurspublic static void escapeHtml5Xml(char[] text, int offset, int len, Writer writer) throws IOException
Perform an HTML5 level 1 (XML-style) escape operation on a char[] input.
Level 1 means this method will only escape the five markup-significant characters: <, >, &, " and '. It is called XML-style in order to link it with JSP's escapeXml attribute in JSTL's <c:out ... /> tags.
Note this method may not produce the same results as
escapeHtml4Xml(char[], int, int, java.io.Writer)
because
it will escape the apostrophe as ', whereas in HTML 4 such NCR does not exist
(the decimal numeric reference ' is used instead).
This method calls escapeHtml(char[], int, int, java.io.Writer, HtmlEscapeType, HtmlEscapeLevel)
with the following preconfigured values:
HtmlEscapeType.HTML5_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_1_ONLY_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the char[] to be escaped.offset
- the position in text at which the escape operation should start.len
- the number of characters in text that should be escaped.writer
- the java.io.Writer to which the escaped result will be written. Nothing will
be written at all to this writer if text is null.IOException
- if an input/output exception occurspublic static void escapeHtml4(char[] text, int offset, int len, Writer writer) throws IOException
Perform an HTML 4 level 2 (result is ASCII) escape operation on a char[] input.
Level 2 means this method will escape:
This escape will be performed by replacing those chars by the corresponding HTML 4 Named Character References (e.g. '´') when such NCR exists for the replaced character, and replacing by a decimal character reference (e.g. 'ₙ') when there there is no NCR for the replaced character.
This method calls escapeHtml(char[], int, int, java.io.Writer, HtmlEscapeType, HtmlEscapeLevel)
with the following preconfigured values:
HtmlEscapeType.HTML4_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_2_ALL_NON_ASCII_PLUS_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the char[] to be escaped.offset
- the position in text at which the escape operation should start.len
- the number of characters in text that should be escaped.writer
- the java.io.Writer to which the escaped result will be written. Nothing will
be written at all to this writer if text is null.IOException
- if an input/output exception occurspublic static void escapeHtml4Xml(char[] text, int offset, int len, Writer writer) throws IOException
Perform an HTML 4 level 1 (XML-style) escape operation on a char[] input.
Level 1 means this method will only escape the five markup-significant characters: <, >, &, " and '. It is called XML-style in order to link it with JSP's escapeXml attribute in JSTL's <c:out ... /> tags.
Note this method may not produce the same results as
escapeHtml5Xml(char[], int, int, java.io.Writer)
because it will escape the apostrophe as
', whereas in HTML5 there is a specific NCR for such character (').
This method calls escapeHtml(char[], int, int, java.io.Writer, HtmlEscapeType, HtmlEscapeLevel)
with the following preconfigured values:
HtmlEscapeType.HTML4_NAMED_REFERENCES_DEFAULT_TO_DECIMAL
HtmlEscapeLevel.LEVEL_1_ONLY_MARKUP_SIGNIFICANT
This method is thread-safe.
text
- the char[] to be escaped.offset
- the position in text at which the escape operation should start.len
- the number of characters in text that should be escaped.writer
- the java.io.Writer to which the escaped result will be written. Nothing will
be written at all to this writer if text is null.IOException
- if an input/output exception occurspublic static void escapeHtml(char[] text, int offset, int len, Writer writer, HtmlEscapeType type, HtmlEscapeLevel level) throws IOException
Perform a (configurable) HTML escape operation on a char[] input.
This method will perform an escape operation according to the specified
HtmlEscapeType
and HtmlEscapeLevel
argument values.
All other char[]-based escapeHtml*(...) methods call this one with preconfigured type and level values.
This method is thread-safe.
text
- the char[] to be escaped.offset
- the position in text at which the escape operation should start.len
- the number of characters in text that should be escaped.writer
- the java.io.Writer to which the escaped result will be written. Nothing will
be written at all to this writer if text is null.type
- the type of escape operation to be performed, see HtmlEscapeType
.level
- the escape level to be applied, see HtmlEscapeLevel
.IOException
- if an input/output exception occurspublic static String unescapeHtml(String text)
Perform an HTML unescape operation on a String input.
No additional configuration arguments are required. Unescape operations will always perform complete unescape of NCRs (whole HTML5 set supported), decimal and hexadecimal references.
This method is thread-safe.
text
- the String to be unescaped.public static void unescapeHtml(char[] text, int offset, int len, Writer writer) throws IOException
Perform an HTML unescape operation on a char[] input.
No additional configuration arguments are required. Unescape operations will always perform complete unescape of NCRs (whole HTML5 set supported), decimal and hexadecimal references.
This method is thread-safe.
text
- the char[] to be unescaped.offset
- the position in text at which the unescape operation should start.len
- the number of characters in text that should be unescaped.writer
- the java.io.Writer to which the unescaped result will be written. Nothing will
be written at all to this writer if text is null.IOException
- if an input/output exception occursCopyright © 2015 The UNBESCAPE team. All rights reserved.