java.lang.Object
  Util.EscapeChars
public final class EscapeChars
Taken from: http://www.javapractices.com/Topic96.cjp
Convenience methods for altering special characters related to URLs,
regular expressions, and HTML tags.
| Constructor Summary | |
|---|---|
| EscapeChars() | |
| Method Summary | |
|---|---|
| static java.lang.String | forDB(java.lang.String sqlString) |
| static java.lang.String | forHTMLTag(java.lang.String aTagFragment) Replace characters having special meaning inside HTML tags with their escaped equivalents, using character entities such as '&amp;'. |
| static java.lang.String | forRegex(java.lang.String aRegexFragment) Replace characters having special meaning in regular expressions with their escaped equivalents. |
| static java.lang.String | forURL(java.lang.String aURLFragment) Synonym for URLEncoder.encode(String, "UTF-8"). |
| static java.lang.String | forXMLText(java.lang.String aTagFragment) |
| static java.lang.String | toDisableTags(java.lang.String aText) Return aText with all start-of-tag and end-of-tag characters replaced by their escaped equivalents. |
| Methods inherited from class java.lang.Object |
|---|
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public EscapeChars()
| Method Detail |
|---|
public static java.lang.String forURL(java.lang.String aURLFragment)
Used to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
An example use case for this method is a login scheme in which, after successful login, the user is redirected to the "original" target destination. Such a target might be passed around as a request parameter. Such a request parameter will have a URL as its value, as in "LoginTarget=Blah.jsp?this=that&blah=boo", and would need to be URL-encoded in order to escape its special characters.
It is important to note that if a query string appears in an HREF attribute, then there are two issues - ensuring the query string is valid HTTP (it is URL-encoded), and ensuring it is valid HTML (ensuring the ampersand is escaped).
public static java.lang.String forHTMLTag(java.lang.String aTagFragment)
The escaped characters are :
This method ensures that arbitrary text appearing inside a tag does not "confuse" the tag. For example, HREF='Blah.do?Page=1&Sort=ASC' does not comply with strict HTML because of the ampersand, and should be changed to HREF='Blah.do?Page=1&amp;Sort=ASC'. This is commonly seen in building query strings. (In JSTL, the c:url tag performs this task automatically.)
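The two-step escaping described under forURL and forHTMLTag, as an added example that is not part of the original Javadoc or the EscapeChars source. URLEncoder.encode(String, "UTF-8") is the call forURL is documented as a synonym for; escapeForAttribute, Login.jsp and the Lang parameter are hypothetical names used only for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class HrefEscapingExample {

    // Hypothetical stand-in for an HTML attribute escaper (assumption: it is
    // not the EscapeChars.forHTMLTag implementation, whose character list is
    // not shown on this page).
    static String escapeForAttribute(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static String loginLink(String target, String lang)
            throws UnsupportedEncodingException {
        // Step 1 (valid HTTP): URL-encode each parameter VALUE on its own, so
        // the '?', '=' and '&' inside the target URL cannot be mistaken for
        // separators of the outer query string.
        String query = "LoginTarget=" + URLEncoder.encode(target, "UTF-8")
                     + "&Lang=" + URLEncoder.encode(lang, "UTF-8");
        // Step 2 (valid HTML): escape the assembled URL for the attribute, so
        // the remaining '&' separator becomes '&amp;'. Doing the steps in the
        // reverse order would URL-encode the entity itself.
        return "<a href='" + escapeForAttribute("Login.jsp?" + query)
             + "'>Log in</a>";
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample input, taken from the LoginTarget example above.
        System.out.println(loginLink("Blah.jsp?this=that&blah=boo", "en"));
    }
}
```

Only the separator between LoginTarget and Lang ends up as an entity in the output; the ampersand inside the target value is already percent-encoded by step 1 and is not touched by step 2.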
public static java.lang.String forDB(java.lang.String sqlString)
public static java.lang.String forXMLText(java.lang.String aTagFragment)
public static java.lang.String toDisableTags(java.lang.String aText)
If user input may contain tags which must be disabled, then call
this method, not forHTMLTag(java.lang.String). This method is used for text appearing
outside of a tag, while forHTMLTag(java.lang.String) is used for text appearing
inside an HTML tag.
It is not uncommon to see text on a web page presented erroneously, because
all special characters are escaped (as in forHTMLTag(java.lang.String)). In
particular, the ampersand character is often escaped not once but twice :
once when the original input occurs, and then a second time when the same item is
retrieved from the database. This occurs because the ampersand is the only escaped
character which appears in a character entity.
public static java.lang.String forRegex(java.lang.String aRegexFragment)
The escaped characters include :