Package org.apache.tomcat.util.security

Class Escape

  • public class Escape
extends java.lang.Object
    Provides utility methods to escape content for different contexts. It is critical that the escaping used is correct for the context in which the data is to be used.

    • Constructor Summary

      Constructors 
      Constructor Description
      Escape()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.lang.String htmlElementContent​(java.lang.String content)
      Escape content for use in HTML.
      static java.lang.String htmlElementContext​(java.lang.Object obj)
      Convert the object to a string via Object.toString() and HTML escape the resulting string for use in HTML content.
      static java.lang.String xml​(java.lang.String content)
      Escape content for use in XML.
      static java.lang.String xml​(java.lang.String ifNull, boolean escapeCRLF, java.lang.String content)
      Escape content for use in XML.
      static java.lang.String xml​(java.lang.String ifNull, java.lang.String content)
      Escape content for use in XML.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • Escape

        public Escape()

    • Method Detail

      • htmlElementContent

        public static java.lang.String htmlElementContent​(java.lang.String content)
        Escape content for use in HTML. This escaping is suitable for the following uses:
        • Element content when the escaped data will be placed directly inside tags such as <p>, <td> etc.
        • Attribute values when the attribute value is quoted with " or '.
        Parameters:
        content - The content to escape
        Returns:
        The escaped content or null if the content was null

      • htmlElementContext

        public static java.lang.String htmlElementContext​(java.lang.Object obj)
        Convert the object to a string via Object.toString() and HTML escape the resulting string for use in HTML content.
        Parameters:
        obj - The object to convert to String and then escape
        Returns:
        The escaped content or "?" if obj is null

      • xml

        public static java.lang.String xml​(java.lang.String content)
        Escape content for use in XML.
        Parameters:
        content - The content to escape
        Returns:
        The escaped content or null if the content was null

      • xml

        public static java.lang.String xml​(java.lang.String ifNull,
                                   java.lang.String content)
        Escape content for use in XML.
        Parameters:
        ifNull - The value to return if content is null
        content - The content to escape
        Returns:
        The escaped content or the value of ifNull if the content was null

      • xml

        public static java.lang.String xml​(java.lang.String ifNull,
                                   boolean escapeCRLF,
                                   java.lang.String content)
        Escape content for use in XML.
        Parameters:
        ifNull - The value to return if content is null
        escapeCRLF - Should CR and LF also be escaped?
        content - The content to escape
        Returns:
        The escaped content or the value of ifNull if the content was null