HtmlUtils


1   /*
2    * Copyright 2002-2005 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.web.util;
18  
19  import org.springframework.util.StringUtils;
20  
21  /**
22   * Utility class for HTML escaping. Escapes and unescapes
23   * based on the W3C HTML 4.01 recommendation, handling
24   * character entity references.
25   *
26   * <p>Reference:
27   * <a HREF="http://www.w3.org/TR/html4/charset.html">
28   * http://www.w3.org/TR/html4/charset.html
29   * </a>
30   *
31   * <p>For a comprehensive set of String escaping utilities,
32   * consider Jakarta Commons Lang and its StringEscapeUtils class.
33   * We are not using that class here to avoid a runtime dependency
34   * on Commons Lang just for HTML escaping. Furthermore, Spring's
35   * HTML escaping is more flexible and 100% HTML 4.0 compliant.
36   *
37   * @author Juergen Hoeller
38   * @author Martin Kersten
39   * @since 01.03.2003
40   * @see org.apache.commons.lang.StringEscapeUtils
41   */
42  public abstract class HtmlUtils {
43  
44      /**
45       * Shared instance of pre-parsed HTML character entity references.
46       */
47      private static final HtmlCharacterEntityReferences characterEntityReferences =
48              new HtmlCharacterEntityReferences();
49      
50      private static final String   PARAMETER_DELIMETER = "&";
51  
52  
53      /**
54       * Turn special characters into HTML character references.
55       * Handles complete character set defined in HTML 4.01 recommendation.
56       * <p>Escapes all special characters to their corresponding
57       * entity reference (e.g. <code>&lt;</code>).
58       * <p>Reference:
59       * <a HREF="http://www.w3.org/TR/html4/sgml/entities.html">
60       * http://www.w3.org/TR/html4/sgml/entities.html
61       * </a>
62       * @param input the (unescaped) input string
63       * @return the escaped string
64       */
65      public static String   htmlEscape(String   input) {
66          if (input == null) {
67              return null;
68          }
69          StringBuffer   escaped = new StringBuffer  (input.length() * 2);
70          for (int i = 0; i < input.length(); i++) {
71              char character = input.charAt(i);
72              String   reference = characterEntityReferences.convertToReference(character);
73              if (reference != null) {
74                  escaped.append(reference);
75              }
76              else {
77                  escaped.append(character);
78              }
79          }
80          return escaped.toString();
81      }
82  
83      /**
84       * Turn special characters into HTML character references.
85       * Handles complete character set defined in HTML 4.01 recommendation.
86       * <p>Escapes all special characters to their corresponding numeric
87       * reference in decimal format (&#<i>Decimal</i>;).
88       * <p>Reference:
89       * <a HREF="http://www.w3.org/TR/html4/sgml/entities.html">
90       * http://www.w3.org/TR/html4/sgml/entities.html
91       * </a>
92       * @param input the (unescaped) input string
93       * @return the escaped string
94       */
95      public static String   htmlEscapeDecimal(String   input) {
96          if (input == null) {
97              return null;
98          }
99          StringBuffer   escaped = new StringBuffer  (input.length() * 2);
100         for (int i = 0; i < input.length(); i++) {
101             char character = input.charAt(i);
102             if (characterEntityReferences.isMappedToReference(character)) {
103                 escaped.append(HtmlCharacterEntityReferences.DECIMAL_REFERENCE_START);
104                 escaped.append((int) character);
105                 escaped.append(HtmlCharacterEntityReferences.REFERENCE_END);
106             }
107             else {
108                 escaped.append(character);
109             }
110         }
111         return escaped.toString();
112     }
113 
114     /**
115      * HTML escapes <i>just</i> the parameters of the supplied query string.
116      * <p>For example, given the query string
117      * <code>foo=bar&amp;baz=&lt;boz&gt;</code>, the return value will be
118      * <code>foo=bar&amp;baz=&amp;lt;boz&amp;gt;</code> (the &amp; parameter
119      * delimeters are thus preserved).
120      * @param queryString the query string to be so escaped
121      * @return the escaped query string, or the empty string if the supplied query string is <code>null</code> or empty 
122      */
123     public static String   htmlEscapeQueryStringParameters(String   queryString) {
124         if (!StringUtils.hasText(queryString)) {
125             return "";
126         }
127         StringBuffer   buffer = new StringBuffer  (queryString.length() * 2);
128         String  [] parameters = StringUtils.tokenizeToStringArray(queryString, PARAMETER_DELIMETER);
129         if (parameters.length > 0) {
130             for (int i = 0; i < parameters.length; ++i) {
131                 String   parameter = parameters[i];
132                 buffer.append(HtmlUtils.htmlEscape(parameter));
133                 if (i < parameters.length - 1) {
134                     buffer.append(PARAMETER_DELIMETER);
135                 }
136             }
137         }
138         return buffer.toString();
139     }
140 
141     /**
142      * Turn special characters into HTML character references.
143      * Handles complete character set defined in HTML 4.01 recommendation.
144      * <p>Escapes all special characters to their corresponding numeric
145      * reference in hex format (&#x<i>Hex</i>;).
146      * <p>Reference:
147      * <a HREF="http://www.w3.org/TR/html4/sgml/entities.html">
148      * http://www.w3.org/TR/html4/sgml/entities.html
149      * </a>
150      * @param input the (unescaped) input string
151      * @return the escaped string
152      */
153     public static String   htmlEscapeHex(String   input) {
154         if (input == null) {
155             return null;
156         }
157         StringBuffer   escaped = new StringBuffer  (input.length() * 2);
158         for (int i = 0; i < input.length(); i++) {
159             char character = input.charAt(i);
160             if (characterEntityReferences.isMappedToReference(character)) {
161                 escaped.append(HtmlCharacterEntityReferences.HEX_REFERENCE_START);
162                 escaped.append(Integer.toString((int) character, 16));
163                 escaped.append(HtmlCharacterEntityReferences.REFERENCE_END);
164             }
165             else {
166                 escaped.append(character);
167             }
168         }
169         return escaped.toString();
170     }
171 
172     /**
173      * Turn HTML character references into their plain text UNICODE equivalent.
174      * <p>Handles complete character set defined in HTML 4.01 recommendation
175      * and all reference types (decimal, hex, and entity).
176      * <p>Correctly converts the following formats:
177      * <blockquote>
178      * &amp;#<i>Entity</i>; - <i>(Example: &amp;amp;) case sensitive</i>
179      * &amp;#<i>Decimal</i>; - <i>(Example: &amp;#68;)</i><br>
180      * &amp;#x<i>Hex</i>; - <i>(Example: &amp;#xE5;) case insensitive</i><br>
181      * </blockquote>
182      * Gracefully handles malformed character references by copying original
183      * characters as is when encountered.<p>
184      * <p>Reference:
185      * <a HREF="http://www.w3.org/TR/html4/sgml/entities.html">
186      * http://www.w3.org/TR/html4/sgml/entities.html
187      * </a>
188      * @param input the (escaped) input string
189      * @return the unescaped string
190      */
191     public static String   htmlUnescape(String   input) {
192         if (input == null) {
193             return null;
194         }
195         return new HtmlCharacterEntityDecoder(characterEntityReferences, input).decode();
196     }
197 
198 }
199
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags