Difference between revisions of "Talk:How to perform HTML entity encoding in Java"
(→Status) |
|||
Line 12: | Line 12: | ||
Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported). | Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported). | ||
+ | |||
+ | Why go to all the trouble of computing int len and running the for loop if the input String is null? I suggest adding a sanity check to the top of the method: | ||
+ | |||
+ | if (s == null) return ""; |
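Review bot: the added paragraph carries no signature or timestamp, so the suggestion cannot be attributed to a reviewer; it should be signed. On the last added line, `if (s == null) return "";` makes null and empty input indistinguishable to the caller, so the comment should state that this is intended or propose returning null instead.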
Latest revision as of 21:48, 25 August 2008
Status
Released Stephendv 09:51, 14 January 2008 (EST)
Reviewers
- Dave Read
General Discussion
The Apache Jakarta Commons Lang package (as of version 2.2) contains a StringEscapeUtils class that contains this functionality. See the escapeHtml(String) method. The documentation states:
Escapes the characters in a String using HTML entities.
Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (&apos;) is not a legal entity and so is not supported).
Why go to all the trouble of computing int len and running the for loop if the input String is null? I suggest adding a sanity check to the top of the method:
if (s == null) return "";
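A minimal encoder combining the null guard suggested above with a numeric reference for the apostrophe, given as an added example: it is not the article's method or Commons Lang code, and the class name `HtmlEncoder` and method `encode` are hypothetical.

```java
// Added example (hypothetical class), not the code under discussion on this page.
public final class HtmlEncoder {
    private HtmlEncoder() {}

    /** Encodes s for HTML element content or a quoted attribute value. */
    public static String encode(String s) {
        // Guard from the comment above; callers can no longer tell null from "".
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); ) {
            int cp = s.codePointAt(i);        // reads a surrogate pair as one code point
            i += Character.charCount(cp);
            boolean illegal = (cp < 0x20 && cp != '\t' && cp != '\n' && cp != '\r')
                    || (cp >= 0xD800 && cp <= 0xDFFF);   // unpaired surrogate
            if (illegal) {
                out.append("&#65533;");       // substitute U+FFFD
                continue;
            }
            switch (cp) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                // Numeric reference, because &apos; is not an HTML 4.0 entity.
                case '\'': out.append("&#39;");  break;
                default:
                    if (cp < 0x7f) {
                        out.appendCodePoint(cp);                  // printable ASCII, tab, LF, CR
                    } else {
                        out.append("&#").append(cp).append(';');  // everything else, numerically
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println("[" + encode(null) + "]");
        System.out.println(encode("<a href='x'>R&D \"caf\u00e9\"</a>"));
    }
}
```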