public class StringEscapeUtils
extends java.lang.Object
Escapes and unescapes String
s for
Java, Java Script, HTML, XML, and SQL.
#ThreadSafe#
Constructor and Description |
---|
StringEscapeUtils()
StringEscapeUtils instances should NOT be constructed in
standard programming. |
Modifier and Type | Method and Description |
---|---|
static java.lang.String |
escapeCsv(java.lang.String str)
Returns a
String value for a CSV column enclosed in double quotes,
if required. |
static void |
escapeCsv(java.io.Writer out,
java.lang.String str)
Writes a
String value for a CSV column enclosed in double quotes,
if required. |
static java.lang.String |
escapeHtml(java.lang.String str)
Escapes the characters in a
String using HTML entities. |
static void |
escapeHtml(java.io.Writer writer,
java.lang.String string)
Escapes the characters in a
String using HTML entities and writes
them to a Writer . |
static java.lang.String |
escapeJava(java.lang.String str)
Escapes the characters in a
String using Java String rules. |
static void |
escapeJava(java.io.Writer out,
java.lang.String str)
Escapes the characters in a
String using Java String rules to
a Writer . |
static java.lang.String |
escapeJavaScript(java.lang.String str)
Escapes the characters in a
String using JavaScript String rules. |
static void |
escapeJavaScript(java.io.Writer out,
java.lang.String str)
Escapes the characters in a
String using JavaScript String rules
to a Writer . |
static java.lang.String |
escapeSql(java.lang.String str)
Escapes the characters in a
String to be suitable to pass to
an SQL query. |
static java.lang.String |
escapeXml(java.lang.String str)
Escapes the characters in a
String using XML entities. |
static void |
escapeXml(java.io.Writer writer,
java.lang.String str)
Escapes the characters in a
String using XML entities. |
static java.lang.String |
unescapeCsv(java.lang.String str)
Returns a
String value for an unescaped CSV column. |
static void |
unescapeCsv(java.io.Writer out,
java.lang.String str)
Returns a
String value for an unescaped CSV column. |
static java.lang.String |
unescapeHtml(java.lang.String str)
Unescapes a string containing entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static void |
unescapeHtml(java.io.Writer writer,
java.lang.String string)
Unescapes a string containing entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static java.lang.String |
unescapeJava(java.lang.String str)
Unescapes any Java literals found in the
String . |
static void |
unescapeJava(java.io.Writer out,
java.lang.String str)
Unescapes any Java literals found in the
String to a
Writer . |
static java.lang.String |
unescapeJavaScript(java.lang.String str)
Unescapes any JavaScript literals found in the
String . |
static void |
unescapeJavaScript(java.io.Writer out,
java.lang.String str)
Unescapes any JavaScript literals found in the
String to a
Writer . |
static java.lang.String |
unescapeXml(java.lang.String str)
Unescapes a string containing XML entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static void |
unescapeXml(java.io.Writer writer,
java.lang.String str)
Unescapes a string containing XML entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
public StringEscapeUtils()
StringEscapeUtils
instances should NOT be constructed in
standard programming.
Instead, the class should be used as:
StringEscapeUtils.escapeJava("foo");
This constructor is public to permit tools that require a JavaBean instance to operate.
public static java.lang.String escapeJava(java.lang.String str)
Escapes the characters in a String
using Java String rules.
Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\'
and
't'
.
The only difference between Java strings and JavaScript strings is that in JavaScript, a single quote must be escaped.
Example:
input string: He didn't say, "Stop!" output string: He didn't say, \"Stop!\"
str
- String to escape values in, may be nullnull
if null string inputpublic static void escapeJava(java.io.Writer out, java.lang.String str) throws java.io.IOException
Escapes the characters in a String
using Java String rules to
a Writer
.
A null
string input has no effect.
out
- Writer to write escaped string intostr
- String to escape values in, may be nulljava.lang.IllegalArgumentException
- if the Writer is null
java.io.IOException
- if error occurs on underlying WriterescapeJava(java.lang.String)
public static java.lang.String escapeJavaScript(java.lang.String str)
Escapes the characters in a String
using JavaScript String rules.
Escapes any values it finds into their JavaScript String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\'
and
't'
.
The only difference between Java strings and JavaScript strings is that in JavaScript, a single quote must be escaped.
Example:
input string: He didn't say, "Stop!" output string: He didn\'t say, \"Stop!\"
str
- String to escape values in, may be nullnull
if null string inputpublic static void escapeJavaScript(java.io.Writer out, java.lang.String str) throws java.io.IOException
Escapes the characters in a String
using JavaScript String rules
to a Writer
.
A null
string input has no effect.
out
- Writer to write escaped string intostr
- String to escape values in, may be nulljava.lang.IllegalArgumentException
- if the Writer is null
java.io.IOException
- if error occurs on underlying WriterescapeJavaScript(java.lang.String)
public static java.lang.String unescapeJava(java.lang.String str)
Unescapes any Java literals found in the String
.
For example, it will turn a sequence of '\'
and
'n'
into a newline character, unless the '\'
is preceded by another '\'
.
str
- the String
to unescape, may be nullString
, null
if null string inputpublic static void unescapeJava(java.io.Writer out, java.lang.String str) throws java.io.IOException
Unescapes any Java literals found in the String
to a
Writer
.
For example, it will turn a sequence of '\'
and
'n'
into a newline character, unless the '\'
is preceded by another '\'
.
A null
string input has no effect.
out
- the Writer
used to output unescaped charactersstr
- the String
to unescape, may be nulljava.lang.IllegalArgumentException
- if the Writer is null
java.io.IOException
- if error occurs on underlying Writerpublic static java.lang.String unescapeJavaScript(java.lang.String str)
Unescapes any JavaScript literals found in the String
.
For example, it will turn a sequence of '\'
and 'n'
into a newline character, unless the '\'
is preceded by another
'\'
.
str
- the String
to unescape, may be nullString
, null
if null string inputunescapeJava(String)
public static void unescapeJavaScript(java.io.Writer out, java.lang.String str) throws java.io.IOException
Unescapes any JavaScript literals found in the String
to a
Writer
.
For example, it will turn a sequence of '\'
and 'n'
into a newline character, unless the '\'
is preceded by another
'\'
.
A null
string input has no effect.
out
- the Writer
used to output unescaped charactersstr
- the String
to unescape, may be nulljava.lang.IllegalArgumentException
- if the Writer is null
java.io.IOException
- if error occurs on underlying WriterunescapeJava(Writer,String)
public static java.lang.String escapeHtml(java.lang.String str)
Escapes the characters in a String
using HTML entities.
For example:
"bread" & "butter"
"bread" & "butter"
.
Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported).
str
- the String
to escape, may be nullString
, null
if null string inputunescapeHtml(String)
,
ISO Entities,
HTML 3.2 Character Entities for ISO Latin-1,
HTML 4.0 Character entity references,
HTML 4.01 Character References,
HTML 4.01 Code positionspublic static void escapeHtml(java.io.Writer writer, java.lang.String string) throws java.io.IOException
Escapes the characters in a String
using HTML entities and writes
them to a Writer
.
For example:
"bread" & "butter"
becomes:
"bread" & "butter"
.
Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported).
writer
- the writer receiving the escaped string, not nullstring
- the String
to escape, may be nulljava.lang.IllegalArgumentException
- if the writer is nulljava.io.IOException
- when Writer
passed throws the exception from
calls to the Writer.write(int)
methods.escapeHtml(String)
,
unescapeHtml(String)
,
ISO Entities,
HTML 3.2 Character Entities for ISO Latin-1,
HTML 4.0 Character entity references,
HTML 4.01 Character References,
HTML 4.01 Code positionspublic static java.lang.String unescapeHtml(java.lang.String str)
Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports HTML 4.0 entities.
For example, the string "<Français>" will become "<Français>"
If an entity is unrecognized, it is left alone, and inserted verbatim into the result string. e.g. ">&zzzz;x" will become ">&zzzz;x".
str
- the String
to unescape, may be nullString
, null
if null string inputescapeHtml(Writer, String)
public static void unescapeHtml(java.io.Writer writer, java.lang.String string) throws java.io.IOException
Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports HTML 4.0 entities.
For example, the string "<Français>" will become "<Français>"
If an entity is unrecognized, it is left alone, and inserted verbatim into the result string. e.g. ">&zzzz;x" will become ">&zzzz;x".
writer
- the writer receiving the unescaped string, not nullstring
- the String
to unescape, may be nulljava.lang.IllegalArgumentException
- if the writer is nulljava.io.IOException
- if an IOException occursescapeHtml(String)
public static void escapeXml(java.io.Writer writer, java.lang.String str) throws java.io.IOException
Escapes the characters in a String
using XML entities.
For example: "bread" & "butter" => "bread" & "butter".
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Note that unicode characters greater than 0x7f are currently escaped to their numerical \\u equivalent. This may change in future releases.
writer
- the writer receiving the unescaped string, not nullstr
- the String
to escape, may be nulljava.lang.IllegalArgumentException
- if the writer is nulljava.io.IOException
- if there is a problem writingunescapeXml(java.lang.String)
public static java.lang.String escapeXml(java.lang.String str)
Escapes the characters in a String
using XML entities.
For example: "bread" & "butter" => "bread" & "butter".
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Note that unicode characters greater than 0x7f are currently escaped to their numerical \\u equivalent. This may change in future releases.
str
- the String
to escape, may be nullString
, null
if null string inputunescapeXml(java.lang.String)
public static void unescapeXml(java.io.Writer writer, java.lang.String str) throws java.io.IOException
Unescapes a string containing XML entity escapes to a string containing the actual Unicode characters corresponding to the escapes.
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Note that numerical \\u unicode codes are unescaped to their respective unicode characters. This may change in future releases.
writer
- the writer receiving the unescaped string, not nullstr
- the String
to unescape, may be nulljava.lang.IllegalArgumentException
- if the writer is nulljava.io.IOException
- if there is a problem writingescapeXml(String)
public static java.lang.String unescapeXml(java.lang.String str)
Unescapes a string containing XML entity escapes to a string containing the actual Unicode characters corresponding to the escapes.
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Note that numerical \\u unicode codes are unescaped to their respective unicode characters. This may change in future releases.
str
- the String
to unescape, may be nullString
, null
if null string inputescapeXml(String)
public static java.lang.String escapeSql(java.lang.String str)
Escapes the characters in a String
to be suitable to pass to
an SQL query.
For example,
statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" + StringEscapeUtils.escapeSql("McHale's Navy") + "'");
At present, this method only turns single-quotes into doubled single-quotes
("McHale's Navy"
=> "McHale''s Navy"
). It does not
handle the cases of percent (%) or underscore (_) for use in LIKE clauses.
str
- the string to escape, may be nullnull
if null string inputpublic static java.lang.String escapeCsv(java.lang.String str)
Returns a String
value for a CSV column enclosed in double quotes,
if required.
If the value contains a comma, newline or double quote, then the String value is returned enclosed in double quotes.
Any double quote characters in the value are escaped with another double quote.
If the value does not contain a comma, newline or double quote, then the String value is returned unchanged.
see Wikipedia and RFC 4180.str
- the input CSV column String, may be nullnull
if null string inputpublic static void escapeCsv(java.io.Writer out, java.lang.String str) throws java.io.IOException
Writes a String
value for a CSV column enclosed in double quotes,
if required.
If the value contains a comma, newline or double quote, then the String value is written enclosed in double quotes.
Any double quote characters in the value are escaped with another double quote.
If the value does not contain a comma, newline or double quote, then the String value is written unchanged (null values are ignored).
see Wikipedia and RFC 4180.str
- the input CSV column String, may be nullout
- Writer to write input string to, enclosed in double quotes if it contains
a comma, newline or double quotejava.io.IOException
- if error occurs on underlying Writerpublic static java.lang.String unescapeCsv(java.lang.String str)
Returns a String
value for an unescaped CSV column.
If the value is enclosed in double quotes, and contains a comma, newline or double quote, then quotes are removed.
Any double quote escaped characters (a pair of double quotes) are unescaped to just one double quote.
If the value is not enclosed in double quotes, or is and does not contain a comma, newline or double quote, then the String value is returned unchanged.
see Wikipedia and RFC 4180.str
- the input CSV column String, may be nullnull
if null string inputpublic static void unescapeCsv(java.io.Writer out, java.lang.String str) throws java.io.IOException
Returns a String
value for an unescaped CSV column.
If the value is enclosed in double quotes, and contains a comma, newline or double quote, then quotes are removed.
Any double quote escaped characters (a pair of double quotes) are unescaped to just one double quote.
If the value is not enclosed in double quotes, or is and does not contain a comma, newline or double quote, then the String value is returned unchanged.
see Wikipedia and RFC 4180.str
- the input CSV column String, may be nullout
- Writer to write the input String to, with enclosing double quotes
removed and embedded double quotes unescaped, null
if null string inputjava.io.IOException
- if error occurs on underlying Writer"Copyright © 2010 - 2020 Adobe Systems Incorporated. All Rights Reserved"