org.apache.commons.lang
public class StringEscapeUtils extends Object
Escapes and unescapes Strings for
Java, Java Script, HTML, XML, and SQL.
Since: 2.0
Version: $Id: StringEscapeUtils.java 165657 2005-05-02 18:31:49Z ggregory $
| Constructor Summary | |
|---|---|
| StringEscapeUtils()
Instead, the class should be used as: StringEscapeUtils.escapeJava("foo");
This constructor is public to permit tools that require a JavaBean instance to operate. | |
| Method Summary | |
|---|---|
| static String | escapeHtml(String str) Escapes the characters in a For example:
|
| static String | escapeJava(String str) Escapes the characters in a Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.) |
| static void | escapeJava(Writer out, String str) Escapes the characters in a A |
| static String | escapeJavaScript(String str) Escapes the characters in a Escapes any values it finds into their JavaScript String form. |
| static void | escapeJavaScript(Writer out, String str) Escapes the characters in a A |
| static String | escapeSql(String str) Escapes the characters in a For example, statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" +
StringEscapeUtils.escapeSql("McHale's Navy") +
"'");
At present, this method only turns single-quotes into doubled single-quotes
( |
| static String | escapeXml(String str) Escapes the characters in a For example: "bread" & "butter" => "bread" & "butter". |
| static String | unescapeHtml(String str) Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. |
| static String | unescapeJava(String str) Unescapes any Java literals found in the |
| static void | unescapeJava(Writer out, String str) Unescapes any Java literals found in the For example, it will turn a sequence of A |
| static String | unescapeJavaScript(String str) Unescapes any JavaScript literals found in the For example, it will turn a sequence of |
| static void | unescapeJavaScript(Writer out, String str) Unescapes any JavaScript literals found in the For example, it will turn a sequence of A |
| static String | unescapeXml(String str) Unescapes a string containing XML entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports only the five basic XML entities (gt, lt, quot, amp, apos). |
StringEscapeUtils instances should NOT be constructed in
standard programming.
Instead, the class should be used as:
StringEscapeUtils.escapeJava("foo");
This constructor is public to permit tools that require a JavaBean instance to operate.
Escapes the characters in a String using HTML entities.
For example:
"bread" & "butter"
"bread" & "butter".
Supports all known HTML 4.0 entities, including funky accents.
Parameters: str the String to escape, may be null
Returns: a new escaped String, null if null string input
See Also: unescapeHtml ISO Entities HTML 3.2 Character Entities for ISO Latin-1 HTML 4.0 Character entity references HTML 4.01 Character References HTML 4.01 Code positions
Escapes the characters in a String using Java String rules.
Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\' and
't'.
The only difference between Java strings and JavaScript strings is that in JavaScript, a single quote must be escaped.
Example:
input string: He didn't say, "Stop!" output string: He didn't say, \"Stop!\"
Parameters: str String to escape values in, may be null
Returns: String with escaped values, null if null string input
Escapes the characters in a String using Java String rules to
a Writer.
A null string input has no effect.
Parameters: out Writer to write escaped string into str String to escape values in, may be null
Throws: IllegalArgumentException if the Writer is null IOException if error occurs on underlying Writer
See Also: StringEscapeUtils
Escapes the characters in a String using JavaScript String rules.
Escapes any values it finds into their JavaScript String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\' and
't'.
The only difference between Java strings and JavaScript strings is that in JavaScript, a single quote must be escaped.
Example:
input string: He didn't say, "Stop!" output string: He didn\'t say, \"Stop!\"
Parameters: str String to escape values in, may be null
Returns: String with escaped values, null if null string input
Escapes the characters in a String using JavaScript String rules
to a Writer.
A null string input has no effect.
Parameters: out Writer to write escaped string into str String to escape values in, may be null
Throws: IllegalArgumentException if the Writer is null IOException if error occurs on underlying Writer
See Also: StringEscapeUtils
Escapes the characters in a String to be suitable to pass to
an SQL query.
For example,
statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" +
StringEscapeUtils.escapeSql("McHale's Navy") +
"'");
At present, this method only turns single-quotes into doubled single-quotes
("McHale's Navy" => "McHale''s Navy"). It does not
handle the cases of percent (%) or underscore (_) for use in LIKE clauses.
Parameters: str the string to escape, may be null
Returns: a new String, escaped for SQL, null if null string input
Escapes the characters in a String using XML entities.
For example: "bread" & "butter" => "bread" & "butter".
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Parameters: str the String to escape, may be null
Returns: a new escaped String, null if null string input
Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports HTML 4.0 entities.
For example, the string "<Français>" will become "<Français>"
If an entity is unrecognized, it is left alone, and inserted verbatim into the result string. e.g. ">&zzzz;x" will become ">&zzzz;x".
Parameters: str the String to unescape, may be null
Returns: a new unescaped String, null if null string input
Unescapes any Java literals found in the String.
For example, it will turn a sequence of '\' and
'n' into a newline character, unless the '\'
is preceded by another '\'.
Parameters: str the String to unescape, may be null
Returns: a new unescaped String, null if null string input
Unescapes any Java literals found in the String to a
Writer.
For example, it will turn a sequence of '\' and
'n' into a newline character, unless the '\'
is preceded by another '\'.
A null string input has no effect.
Parameters: out the Writer used to output unescaped characters str the String to unescape, may be null
Throws: IllegalArgumentException if the Writer is null IOException if error occurs on underlying Writer
Unescapes any JavaScript literals found in the String.
For example, it will turn a sequence of '\' and 'n'
into a newline character, unless the '\' is preceded by another
'\'.
Parameters: str the String to unescape, may be null
Returns: A new unescaped String, null if null string input
See Also: unescapeJava
Unescapes any JavaScript literals found in the String to a
Writer.
For example, it will turn a sequence of '\' and 'n'
into a newline character, unless the '\' is preceded by another
'\'.
A null string input has no effect.
Parameters: out the Writer used to output unescaped characters str the String to unescape, may be null
Throws: IllegalArgumentException if the Writer is null IOException if error occurs on underlying Writer
See Also: unescapeJava
Unescapes a string containing XML entity escapes to a string containing the actual Unicode characters corresponding to the escapes.
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Parameters: str the String to unescape, may be null
Returns: a new unescaped String, null if null string input