/**
 * Turn special characters into HTML character references, using the
 * default character encoding.
 * <p>Handles the complete character set defined in the HTML 4.01 recommendation:
 * every special character is replaced by its corresponding entity reference
 * (e.g. {@code &lt;}).
 * <p>This is a thin convenience overload: it forwards to the two-argument
 * {@code htmlEscape} with {@code WebUtils.DEFAULT_CHARACTER_ENCODING}.
 * <p>Note: the result is encoded for HTML markup only. Entity escaping is not a
 * substitute for JavaScript, URL or CSS encoding when the value ends up in
 * one of those contexts.
 * <p>Reference:
 * <a href="http://www.w3.org/TR/html4/sgml/entities.html">
 * http://www.w3.org/TR/html4/sgml/entities.html
 * </a>
 * @param input the (unescaped) input string
 * @return the escaped string
 */
public static String htmlEscape(String input) {
    final String defaultEncoding = WebUtils.DEFAULT_CHARACTER_ENCODING;
    return htmlEscape(input, defaultEncoding);
}
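/**
 * Checks that both quote characters are escaped by each of the three
 * escaping variants (default, decimal and hexadecimal).
 */
@Test
public void testHtmlEscape() {
    String unescaped = "\"This is a quote'";

    // Default form: named entity for the double quote. HTML 4.01 defines no
    // named entity for the apostrophe, so it is a numeric reference.
    String escaped = HtmlUtils.htmlEscape(unescaped);
    assertEquals("&quot;This is a quote&#39;", escaped);

    // Decimal character references for both characters.
    escaped = HtmlUtils.htmlEscapeDecimal(unescaped);
    assertEquals("&#34;This is a quote&#39;", escaped);

    // Hexadecimal character references for both characters.
    escaped = HtmlUtils.htmlEscapeHex(unescaped);
    assertEquals("&#x22;This is a quote&#x27;", escaped);
}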
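/**
 * Checks escaping when the target encoding is UTF-8: markup-significant
 * characters are still escaped, while characters UTF-8 can represent
 * directly (here Greek letters) are left as they are.
 */
@Test
public void testEncodeIntoHtmlCharacterSetFromUtf8() {
    String utf8 = "UTF-8";

    assertEquals("An empty string should be converted to an empty string",
            "", HtmlUtils.htmlEscape("", utf8));
    // Passes the encoding explicitly so this case exercises the UTF-8 overload
    // like every other assertion in this test.
    assertEquals("A string containing no special characters should not be affected",
            "A sentence containing no special characters.",
            HtmlUtils.htmlEscape("A sentence containing no special characters.", utf8));

    // Angle brackets must be escaped regardless of the encoding.
    assertEquals("'< >' should be encoded to '&lt; &gt;'",
            "&lt; &gt;", HtmlUtils.htmlEscape("< >", utf8));
    assertEquals("'< >' should be encoded to '&#60; &#62;'",
            "&#60; &#62;", HtmlUtils.htmlEscapeDecimal("< >", utf8));

    // Greek letters stay untouched; only the double quotes become entities.
    assertEquals("UTF-8 supported chars should not be escaped",
            "Μερικοί Ελληνικοί &quot;χαρακτήρες&quot;",
            HtmlUtils.htmlEscape("Μερικοί Ελληνικοί \"χαρακτήρες\"", utf8));
}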
/**
 * Retrieve the given MessageSourceResolvable (e.g. an ObjectError instance),
 * resolved through this object's message source and locale.
 * <p>With {@code htmlEscape} set to {@code false} the message is returned exactly
 * as resolved, so any output encoding is left to the caller.
 * @param resolvable the MessageSourceResolvable
 * @param htmlEscape if the message should be HTML-escaped
 * @return the message
 * @throws org.springframework.context.NoSuchMessageException if not found
 */
public String getMessage(MessageSourceResolvable resolvable, boolean htmlEscape) throws NoSuchMessageException {
    String resolved = this.messageSource.getMessage(resolvable, this.locale);
    if (htmlEscape) {
        return HtmlUtils.htmlEscape(resolved);
    }
    return resolved;
}
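/**
 * Checks escaping with the default encoding: markup-significant characters
 * and special characters that have an HTML 4.01 entity are turned into
 * named entities by {@code htmlEscape} and into decimal references by
 * {@code htmlEscapeDecimal}.
 */
@Test
public void testEncodeIntoHtmlCharacterSet() {
    assertEquals("An empty string should be converted to an empty string",
            "", HtmlUtils.htmlEscape(""));
    assertEquals("A string containing no special characters should not be affected",
            "A sentence containing no special characters.",
            HtmlUtils.htmlEscape("A sentence containing no special characters."));

    // Angle brackets: named entities vs. decimal references.
    assertEquals("'< >' should be encoded to '&lt; &gt;'",
            "&lt; &gt;", HtmlUtils.htmlEscape("< >"));
    assertEquals("'< >' should be encoded to '&#60; &#62;'",
            "&#60; &#62;", HtmlUtils.htmlEscapeDecimal("< >"));

    // U+2205 (decimal 8709), the empty-set sign.
    assertEquals("The special character 8709 should be encoded to '&empty;'",
            "&empty;", HtmlUtils.htmlEscape("" + (char) 8709));
    assertEquals("The special character 8709 should be encoded to '&#8709;'",
            "&#8709;", HtmlUtils.htmlEscapeDecimal("" + (char) 8709));

    // U+03D1 (decimal 977), the Greek theta symbol.
    assertEquals("The special character 977 should be encoded to '&thetasym;'",
            "&thetasym;", HtmlUtils.htmlEscape("" + (char) 977));
    assertEquals("The special character 977 should be encoded to '&#977;'",
            "&#977;", HtmlUtils.htmlEscapeDecimal("" + (char) 977));
}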
/**
 * Retrieve the message for the given code, resolved through this object's
 * message source and locale.
 * <p>With {@code htmlEscape} set to {@code false} the message is returned exactly
 * as resolved, so any output encoding is left to the caller.
 * @param code code of the message
 * @param args arguments for the message, or {@code null} if none
 * @param htmlEscape if the message should be HTML-escaped
 * @return the message
 * @throws org.springframework.context.NoSuchMessageException if not found
 */
public String getMessage(String code, @Nullable Object[] args, boolean htmlEscape) throws NoSuchMessageException {
    String resolved = this.messageSource.getMessage(code, args, this.locale);
    if (!htmlEscape) {
        return resolved;
    }
    return HtmlUtils.htmlEscape(resolved);
}
/**
 * Retrieve the message for the given code, falling back to a default message.
 * <p>If the lookup yields {@code null}, an empty string is returned instead.
 * With {@code htmlEscape} set to {@code false} the message is returned exactly
 * as resolved, so any output encoding is left to the caller.
 * @param code code of the message
 * @param args arguments for the message, or {@code null} if none
 * @param defaultMessage the String to return if the lookup fails
 * @param htmlEscape if the message should be HTML-escaped
 * @return the message (never {@code null})
 */
public String getMessage(String code, @Nullable Object[] args, String defaultMessage, boolean htmlEscape) {
    String resolved = this.messageSource.getMessage(code, args, defaultMessage, this.locale);
    if (resolved == null) {
        return "";
    }
    if (htmlEscape) {
        return HtmlUtils.htmlEscape(resolved);
    }
    return resolved;
}
/**
 * Return a suitable display value for the field, i.e. the stringified
 * value if not null, and an empty string in case of a null value.
 * <p>A non-String value is converted with {@code toString()} and the result is
 * HTML-escaped when this object's {@code htmlEscape} flag is set.
 * <p>A String value is returned as stored: this method applies no escaping to it.
 * NOTE(review): presumably such values are escaped where {@code value} is
 * assigned - confirm against that code, since nothing here encodes them.
 */
public String getDisplayValue() {
    if (this.value == null) {
        return "";
    }
    if (this.value instanceof String) {
        return (String) this.value;
    }
    String text = this.value.toString();
    if (this.htmlEscape) {
        return HtmlUtils.htmlEscape(text);
    }
    return text;
}
/**
 * Return a suitable display value for the field, i.e. the stringified
 * value if not null, and an empty string in case of a null value.
 * <p>Escaping in this method covers only the non-String case: the
 * {@code toString} result is HTML-escaped when the {@code htmlEscape} flag is set.
 * <p>A value that is already a String is handed back unchanged.
 * NOTE(review): this relies on the String having been escaped before it was
 * stored in {@code value} - verify where the field is populated.
 */
public String getDisplayValue() {
    if (this.value == null) {
        return "";
    }
    if (this.value instanceof String) {
        return (String) this.value;
    }
    String rendered = this.value.toString();
    return (this.htmlEscape ? HtmlUtils.htmlEscape(rendered) : rendered);
}
/**
 * Return the value of the given field from the wrapped source, HTML-escaping
 * it when it is a String.
 * <p>Any other value (including {@code null}) is passed through unchanged, so a
 * caller that renders a non-String value as text still has to encode it.
 */
@Override
@Nullable
public Object getFieldValue(String field) {
    Object raw = this.source.getFieldValue(field);
    if (raw instanceof String) {
        return HtmlUtils.htmlEscape((String) raw);
    }
    return raw;
}
/**
 * Build the display value of the supplied {@code Object}, HTML escaped
 * as required. This version is <strong>not</strong> {@link PropertyEditor}-aware.
 * <p>The value is first converted with {@code ObjectUtils.getDisplayString};
 * escaping is applied to that String only when {@code htmlEscape} is {@code true}.
 * @see #getDisplayString(Object, java.beans.PropertyEditor, boolean)
 */
public static String getDisplayString(@Nullable Object value, boolean htmlEscape) {
    String text = ObjectUtils.getDisplayString(value);
    if (htmlEscape) {
        return HtmlUtils.htmlEscape(text);
    }
    return text;
}
/**
 * Retrieve the message for the given code from the web application context,
 * using the locale returned by {@code getLocale()}.
 * <p>With {@code htmlEscape} set to {@code false} the message is returned exactly
 * as resolved, so any output encoding is left to the caller.
 * @param code code of the message
 * @param args arguments for the message, or {@code null} if none
 * @param htmlEscape if the message should be HTML-escaped
 * @return the message
 * @throws org.springframework.context.NoSuchMessageException if not found
 */
public String getMessage(String code, @Nullable Object[] args, boolean htmlEscape) throws NoSuchMessageException {
    String resolved = this.webApplicationContext.getMessage(code, args, getLocale());
    if (htmlEscape) {
        return HtmlUtils.htmlEscape(resolved);
    }
    return resolved;
}
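/**
 * Fill the backup placeholders in the given content.
 * <p>{@code %backup_initiated_by%} is replaced with the value of
 * {@code backupService.backupRunningSinceISO8601()} and {@code %backup_started_by%}
 * with the value of {@code backupService.backupStartedBy()}, both HTML-escaped
 * before insertion.
 * @param content the text containing the placeholders
 * @return the content with every occurrence of both placeholders substituted
 */
String replaceStringLiterals(String content) {
    String initiatedAt = HtmlUtils.htmlEscape(backupService.backupRunningSinceISO8601());
    String startedBy = HtmlUtils.htmlEscape(backupService.backupStartedBy());
    // String.replace substitutes literally. replaceAll would treat '$' and '\' in the
    // replacement as group references and escapes, and HTML entity escaping leaves those
    // characters alone, so a value containing them could throw or corrupt the output.
    return content
            .replace("%backup_initiated_by%", initiatedAt)
            .replace("%backup_started_by%", startedBy);
}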
/**
 * Retrieve the message for the given code from the web application context,
 * falling back to a default message.
 * <p>If the lookup yields {@code null}, an empty string is returned instead.
 * With {@code htmlEscape} set to {@code false} the message is returned exactly
 * as resolved, so any output encoding is left to the caller.
 * @param code code of the message
 * @param args arguments for the message, or {@code null} if none
 * @param defaultMessage the String to return if the lookup fails
 * @param htmlEscape if the message should be HTML-escaped
 * @return the message (never {@code null})
 */
public String getMessage(String code, @Nullable Object[] args, String defaultMessage, boolean htmlEscape) {
    String resolved = this.webApplicationContext.getMessage(code, args, defaultMessage, getLocale());
    if (resolved == null) {
        return "";
    }
    if (!htmlEscape) {
        return resolved;
    }
    return HtmlUtils.htmlEscape(resolved);
}
/**
 * Look up the field value on the wrapped source and HTML-escape it if it is
 * a String.
 * <p>Values of any other type, and {@code null}, are returned as they are; they
 * are not encoded here.
 */
@Override
@Nullable
public Object getFieldValue(String field) {
    Object fieldValue = this.source.getFieldValue(field);
    if (!(fieldValue instanceof String)) {
        return fieldValue;
    }
    return HtmlUtils.htmlEscape((String) fieldValue);
}
/**
 * Retrieve the given MessageSourceResolvable (e.g. an ObjectError instance)
 * from the web application context, using the locale returned by {@code getLocale()}.
 * <p>With {@code htmlEscape} set to {@code false} the message is returned exactly
 * as resolved, so any output encoding is left to the caller.
 * @param resolvable the MessageSourceResolvable
 * @param htmlEscape if the message should be HTML-escaped
 * @return the message
 * @throws org.springframework.context.NoSuchMessageException if not found
 */
public String getMessage(MessageSourceResolvable resolvable, boolean htmlEscape) throws NoSuchMessageException {
    String resolved = this.webApplicationContext.getMessage(resolvable, getLocale());
    if (htmlEscape) {
        return HtmlUtils.htmlEscape(resolved);
    }
    return resolved;
}
/**
 * Build the display value of the supplied {@code Object}, HTML escaped
 * as required. This version is <strong>not</strong> {@link PropertyEditor}-aware.
 * <p>Conversion to a String is delegated to {@code ObjectUtils.getDisplayString};
 * the result is escaped only if {@code htmlEscape} is {@code true}, otherwise it
 * is returned as produced.
 * @see #getDisplayString(Object, java.beans.PropertyEditor, boolean)
 */
public static String getDisplayString(@Nullable Object value, boolean htmlEscape) {
    String rendered = ObjectUtils.getDisplayString(value);
    if (!htmlEscape) {
        return rendered;
    }
    return HtmlUtils.htmlEscape(rendered);
}
/**
 * HTML-encodes the given String, only if the "htmlEscape" setting is enabled.
 * <p>The response encoding will be taken into account if the
 * "responseEncodedHtmlEscape" setting is enabled as well; otherwise the
 * single-argument {@code HtmlUtils.htmlEscape} is used.
 * <p>When "htmlEscape" is disabled the content is returned unchanged.
 * @param content the String to escape
 * @return the escaped String
 * @since 4.1.2
 * @see #isHtmlEscape()
 * @see #isResponseEncodedHtmlEscape()
 */
protected String htmlEscape(String content) {
    if (!isHtmlEscape()) {
        return content;
    }
    if (isResponseEncodedHtmlEscape()) {
        // Escape relative to the character encoding the response is written in.
        String responseEncoding = this.pageContext.getResponse().getCharacterEncoding();
        return HtmlUtils.htmlEscape(content, responseEncoding);
    }
    return HtmlUtils.htmlEscape(content);
}
/**
 * Retrieve the given MessageSourceResolvable (e.g. an ObjectError instance),
 * resolving it against the web application context with the current locale.
 * <p>The message is passed through {@code HtmlUtils.htmlEscape} only when
 * {@code htmlEscape} is {@code true}; otherwise it is returned as resolved and
 * the caller is responsible for encoding it.
 * @param resolvable the MessageSourceResolvable
 * @param htmlEscape if the message should be HTML-escaped
 * @return the message
 * @throws org.springframework.context.NoSuchMessageException if not found
 */
public String getMessage(MessageSourceResolvable resolvable, boolean htmlEscape) throws NoSuchMessageException {
    String text = this.webApplicationContext.getMessage(resolvable, getLocale());
    if (!htmlEscape) {
        return text;
    }
    return HtmlUtils.htmlEscape(text);
}
/**
 * Build an HTML-escaped copy of the given error.
 * <p>The default message is escaped when present. For a {@code FieldError} the
 * rejected value is escaped as well, but only if it is a String; other rejected
 * values are copied as they are. Codes and arguments are copied without escaping.
 * <p>The copy is always a plain {@code FieldError} or {@code ObjectError}, which is
 * why the cast back to {@code T} is unchecked.
 * @param source the error to copy, may be {@code null}
 * @return the escaped copy, or {@code null} if the source was {@code null}
 */
@SuppressWarnings("unchecked")
@Nullable
private <T extends ObjectError> T escapeObjectError(@Nullable T source) {
    if (source == null) {
        return null;
    }

    String rawMessage = source.getDefaultMessage();
    String safeMessage = (rawMessage != null ? HtmlUtils.htmlEscape(rawMessage) : null);

    if (!(source instanceof FieldError)) {
        return (T) new ObjectError(
                source.getObjectName(), source.getCodes(), source.getArguments(), safeMessage);
    }

    FieldError fieldError = (FieldError) source;
    Object rejected = fieldError.getRejectedValue();
    Object safeRejected = (rejected instanceof String ? HtmlUtils.htmlEscape((String) rejected) : rejected);
    return (T) new FieldError(
            fieldError.getObjectName(), fieldError.getField(), safeRejected,
            fieldError.isBindingFailure(), fieldError.getCodes(),
            fieldError.getArguments(), safeMessage);
}