public class StringEscapeUtils extends Object
Escapes and unescapes String
s for
Java, Java Script, HTML and XML.
#ThreadSafe#
Modifier and Type | Field and Description |
---|---|
static CharSequenceTranslator |
ESCAPE_CSV
Translator object for escaping individual Comma Separated Values.
|
static CharSequenceTranslator |
ESCAPE_ECMASCRIPT
Translator object for escaping EcmaScript/JavaScript.
|
static CharSequenceTranslator |
ESCAPE_HTML3
Translator object for escaping HTML version 3.0.
|
static CharSequenceTranslator |
ESCAPE_HTML4
Translator object for escaping HTML version 4.0.
|
static CharSequenceTranslator |
ESCAPE_JAVA
Translator object for escaping Java.
|
static CharSequenceTranslator |
ESCAPE_JSON
Translator object for escaping Json.
|
static CharSequenceTranslator |
ESCAPE_XML
Deprecated.
use
ESCAPE_XML10 or ESCAPE_XML11 instead. |
static CharSequenceTranslator |
ESCAPE_XML10
Translator object for escaping XML 1.0.
|
static CharSequenceTranslator |
ESCAPE_XML11
Translator object for escaping XML 1.1.
|
static CharSequenceTranslator |
UNESCAPE_CSV
Translator object for unescaping escaped Comma Separated Value entries.
|
static CharSequenceTranslator |
UNESCAPE_ECMASCRIPT
Translator object for unescaping escaped EcmaScript.
|
static CharSequenceTranslator |
UNESCAPE_HTML3
Translator object for unescaping escaped HTML 3.0.
|
static CharSequenceTranslator |
UNESCAPE_HTML4
Translator object for unescaping escaped HTML 4.0.
|
static CharSequenceTranslator |
UNESCAPE_JAVA
Translator object for unescaping escaped Java.
|
static CharSequenceTranslator |
UNESCAPE_JSON
Translator object for unescaping escaped Json.
|
static CharSequenceTranslator |
UNESCAPE_XML
Translator object for unescaping escaped XML.
|
Constructor and Description |
---|
StringEscapeUtils()
StringEscapeUtils instances should NOT be constructed in
standard programming. |
Modifier and Type | Method and Description |
---|---|
static String |
escapeCsv(String input)
Returns a
String value for a CSV column enclosed in double quotes,
if required. |
static String |
escapeEcmaScript(String input)
Escapes the characters in a
String using EcmaScript String rules. |
static String |
escapeHtml3(String input)
Escapes the characters in a
String using HTML entities. |
static String |
escapeHtml4(String input)
Escapes the characters in a
String using HTML entities. |
static String |
escapeJava(String input)
Escapes the characters in a
String using Java String rules. |
static String |
escapeJson(String input)
Escapes the characters in a
String using Json String rules. |
static String |
escapeXml(String input)
Deprecated.
use
escapeXml10(java.lang.String) or escapeXml11(java.lang.String) instead. |
static String |
escapeXml10(String input)
Escapes the characters in a
String using XML entities. |
static String |
escapeXml11(String input)
Escapes the characters in a
String using XML entities. |
static String |
unescapeCsv(String input)
Returns a
String value for an unescaped CSV column. |
static String |
unescapeEcmaScript(String input)
Unescapes any EcmaScript literals found in the
String . |
static String |
unescapeHtml3(String input)
Unescapes a string containing entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static String |
unescapeHtml4(String input)
Unescapes a string containing entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
static String |
unescapeJava(String input)
Unescapes any Java literals found in the
String . |
static String |
unescapeJson(String input)
Unescapes any Json literals found in the
String . |
static String |
unescapeXml(String input)
Unescapes a string containing XML entity escapes to a string
containing the actual Unicode characters corresponding to the
escapes.
|
public static final CharSequenceTranslator ESCAPE_JAVA
escapeJava(String)
is the expected method of use, this
object allows the Java escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator ESCAPE_ECMASCRIPT
escapeEcmaScript(String)
is the expected method of use, this
object allows the EcmaScript escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator ESCAPE_JSON
escapeJson(String)
is the expected method of use, this
object allows the Json escaping functionality to be used
as the foundation for a custom translator.@Deprecated public static final CharSequenceTranslator ESCAPE_XML
ESCAPE_XML10
or ESCAPE_XML11
instead.escapeXml(String)
is the expected method of use, this
object allows the XML escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator ESCAPE_XML10
escapeXml10(String)
is the expected method of use, this
object allows the XML escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator ESCAPE_XML11
escapeXml11(String)
is the expected method of use, this
object allows the XML escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator ESCAPE_HTML3
escapeHtml3(String)
is the expected method of use, this
object allows the HTML escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator ESCAPE_HTML4
escapeHtml4(String)
is the expected method of use, this
object allows the HTML escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator ESCAPE_CSV
escapeCsv(String)
is the expected method of use, this
object allows the CSV escaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator UNESCAPE_JAVA
unescapeJava(String)
is the expected method of use, this
object allows the Java unescaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator UNESCAPE_ECMASCRIPT
unescapeEcmaScript(String)
is the expected method of use, this
object allows the EcmaScript unescaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator UNESCAPE_JSON
unescapeJson(String)
is the expected method of use, this
object allows the Json unescaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator UNESCAPE_HTML3
unescapeHtml3(String)
is the expected method of use, this
object allows the HTML unescaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator UNESCAPE_HTML4
unescapeHtml4(String)
is the expected method of use, this
object allows the HTML unescaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator UNESCAPE_XML
unescapeXml(String)
is the expected method of use, this
object allows the XML unescaping functionality to be used
as the foundation for a custom translator.public static final CharSequenceTranslator UNESCAPE_CSV
unescapeCsv(String)
is the expected method of use, this
object allows the CSV unescaping functionality to be used
as the foundation for a custom translator.public StringEscapeUtils()
StringEscapeUtils
instances should NOT be constructed in
standard programming.
Instead, the class should be used as:
StringEscapeUtils.escapeJava("foo");
This constructor is public to permit tools that require a JavaBean instance to operate.
public static final String escapeJava(String input)
Escapes the characters in a String
using Java String rules.
Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\'
and
't'
.
The only difference between Java strings and JavaScript strings is that in JavaScript, a single quote and forward-slash (/) are escaped.
Example:
input string: He didn't say, "Stop!" output string: He didn't say, \"Stop!\"
input
- String to escape values in, may be nullnull
if null string inputpublic static final String escapeEcmaScript(String input)
Escapes the characters in a String
using EcmaScript String rules.
Escapes any values it finds into their EcmaScript String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\'
and
't'
.
The only difference between Java strings and EcmaScript strings is that in EcmaScript, a single quote and forward-slash (/) are escaped.
Note that EcmaScript is best known by the JavaScript and ActionScript dialects.
Example:
input string: He didn't say, "Stop!" output string: He didn\'t say, \"Stop!\"
input
- String to escape values in, may be nullnull
if null string inputpublic static final String escapeJson(String input)
Escapes the characters in a String
using Json String rules.
Escapes any values it finds into their Json String form. Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.)
So a tab becomes the characters '\\'
and
't'
.
The only difference between Java strings and Json strings is that in Json, forward-slash (/) is escaped.
See http://www.ietf.org/rfc/rfc4627.txt for further details.
Example:
input string: He didn't say, "Stop!" output string: He didn't say, \"Stop!\"
input
- String to escape values in, may be nullnull
if null string inputpublic static final String unescapeJava(String input)
Unescapes any Java literals found in the String
.
For example, it will turn a sequence of '\'
and
'n'
into a newline character, unless the '\'
is preceded by another '\'
.
input
- the String
to unescape, may be nullString
, null
if null string inputpublic static final String unescapeEcmaScript(String input)
Unescapes any EcmaScript literals found in the String
.
For example, it will turn a sequence of '\'
and 'n'
into a newline character, unless the '\'
is preceded by another
'\'
.
input
- the String
to unescape, may be nullString
, null
if null string inputunescapeJava(String)
public static final String unescapeJson(String input)
Unescapes any Json literals found in the String
.
For example, it will turn a sequence of '\'
and 'n'
into a newline character, unless the '\'
is preceded by another
'\'
.
input
- the String
to unescape, may be nullString
, null
if null string inputunescapeJava(String)
public static final String escapeHtml4(String input)
Escapes the characters in a String
using HTML entities.
For example:
"bread" & "butter"
"bread" & "butter"
.
Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported).
input
- the String
to escape, may be nullString
, null
if null string inputpublic static final String escapeHtml3(String input)
Escapes the characters in a String
using HTML entities.
Supports only the HTML 3.0 entities.
input
- the String
to escape, may be nullString
, null
if null string inputpublic static final String unescapeHtml4(String input)
Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports HTML 4.0 entities.
For example, the string "<Français>"
will become "<Français>"
If an entity is unrecognized, it is left alone, and inserted
verbatim into the result string. e.g. ">&zzzz;x"
will
become ">&zzzz;x"
.
input
- the String
to unescape, may be nullString
, null
if null string inputpublic static final String unescapeHtml3(String input)
Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports only HTML 3.0 entities.
input
- the String
to unescape, may be nullString
, null
if null string input@Deprecated public static final String escapeXml(String input)
escapeXml10(java.lang.String)
or escapeXml11(java.lang.String)
instead.Escapes the characters in a String
using XML entities.
For example: "bread" & "butter"
=>
"bread" & "butter"
.
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Note that Unicode characters greater than 0x7f are as of 3.0, no longer
escaped. If you still wish this functionality, you can achieve it
via the following:
StringEscapeUtils.ESCAPE_XML.with( NumericEntityEscaper.between(0x7f, Integer.MAX_VALUE) );
input
- the String
to escape, may be nullString
, null
if null string inputunescapeXml(java.lang.String)
public static String escapeXml10(String input)
Escapes the characters in a String
using XML entities.
For example: "bread" & "butter"
=>
"bread" & "butter"
.
Note that XML 1.0 is a text-only format: it cannot represent control
characters or unpaired Unicode surrogate codepoints, even after escaping.
escapeXml10
will remove characters that do not fit in the
following ranges:
#x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
Though not strictly necessary, escapeXml10
will escape
characters in the following ranges:
[#x7F-#x84] | [#x86-#x9F]
The returned string can be inserted into a valid XML 1.0 or XML 1.1
document. If you want to allow more non-text characters in an XML 1.1
document, use escapeXml11(String)
.
input
- the String
to escape, may be nullString
, null
if null string inputunescapeXml(java.lang.String)
public static String escapeXml11(String input)
Escapes the characters in a String
using XML entities.
For example: "bread" & "butter"
=>
"bread" & "butter"
.
XML 1.1 can represent certain control characters, but it cannot represent
the null byte or unpaired Unicode surrogate codepoints, even after escaping.
escapeXml11
will remove characters that do not fit in the following
ranges:
[#x1-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
escapeXml11
will escape characters in the following ranges:
[#x1-#x8] | [#xB-#xC] | [#xE-#x1F] | [#x7F-#x84] | [#x86-#x9F]
The returned string can be inserted into a valid XML 1.1 document. Do not use it for XML 1.0 documents.
input
- the String
to escape, may be nullString
, null
if null string inputunescapeXml(java.lang.String)
public static final String unescapeXml(String input)
Unescapes a string containing XML entity escapes to a string containing the actual Unicode characters corresponding to the escapes.
Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.
Note that numerical \\u Unicode codes are unescaped to their respective Unicode characters. This may change in future releases.
input
- the String
to unescape, may be nullString
, null
if null string inputescapeXml(String)
,
escapeXml10(String)
,
escapeXml11(String)
public static final String escapeCsv(String input)
Returns a String
value for a CSV column enclosed in double quotes,
if required.
If the value contains a comma, newline or double quote, then the String value is returned enclosed in double quotes.
Any double quote characters in the value are escaped with another double quote.
If the value does not contain a comma, newline or double quote, then the String value is returned unchanged.
see Wikipedia and RFC 4180.input
- the input CSV column String, may be nullnull
if null string inputpublic static final String unescapeCsv(String input)
Returns a String
value for an unescaped CSV column.
If the value is enclosed in double quotes, and contains a comma, newline or double quote, then quotes are removed.
Any double quote escaped characters (a pair of double quotes) are unescaped to just one double quote.
If the value is not enclosed in double quotes, or is and does not contain a comma, newline or double quote, then the String value is returned unchanged.
see Wikipedia and RFC 4180.input
- the input CSV column String, may be nullnull
if null string inputCopyright © 2001–2016 The Apache Software Foundation. All rights reserved.