This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Talk:How to perform HTML entity encoding in Java"

Jump to: navigation, search
(General Discussion)
Line 3: Line 3:
* ?
* Dave Read
==General Discussion==
==General Discussion==

Revision as of 14:45, 14 January 2008


Needs review


  • Dave Read

General Discussion

The Apache Jakarta Commons Lang package (as of version 2.2) contains a StringEscapeUtils class that contains this functionality. See the escapeHtml(String) method. The documentation states:

   Escapes the characters in a String using HTML entities.
   Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported).