
Java - how to escape HTML special characters?

Created by: LionRanger

In Java, HTML special characters can be escaped in the following ways.

With the Spring Framework we can use the built-in HtmlUtils class:

// import org.springframework.web.util.HtmlUtils

String html = "<p>Some text here...</p>";

String escaped1Html = HtmlUtils.htmlEscape(html);  // "ISO-8859-1" by default
String escaped2Html = HtmlUtils.htmlEscape(html, "UTF-8");

When Spring is not available, we can use one of the custom implementations below:

Custom function example

1. String replaceAll() based method

HTMLUtils.java file:

package com.dirask.examples;

public class HTMLUtils {

    private static final String[][] CHARACTERS = {
        // keep the "&" rule at first position, otherwise the "&" of the
        // entities produced by the other rules would be escaped again
        {  "&", "&amp;"  },
        {  "<", "&lt;"   },
        {  ">", "&gt;"   },
        { "\"", "&quot;" },
        {  "'", "&#039;" }   // or &#39; or &#0039; (&apos; is not supported by IE8, &apos; is not defined in HTML 4)
    };

    public static String escapeHtml(String html) {
        String result = html;
        // replaceAll() interprets its first argument as a regular expression;
        // none of the five characters above is a regex metacharacter
        for (String[] entry : CHARACTERS) {
            result = result.replaceAll(entry[0], entry[1]);
        }
        return result;
    }
}

Program.java file:

package com.dirask.examples;

public class Program {

    public static void main(String[] args) {

        String html = "<div class=\"item\">Hi! How are you?</div>";
        String escapedHtml = HTMLUtils.escapeHtml(html);

        System.out.println(escapedHtml);
    }
}

Output:

&lt;div class=&quot;item&quot;&gt;Hi! How are you?&lt;/div&gt;

2. Optimal solution

This version walks the input once and uses a switch statement, which improves performance compared with the repeated replaceAll() calls above.

package com.dirask.examples;

public class HtmlUtils {

    public static String escapeHtml(String html) {
        int length = html.length();
        // reserve some extra room for the entities that replace single characters
        int capacity = (int) Math.round(1.3 * length);
        StringBuilder builder = new StringBuilder(capacity);
        for (int i = 0; i < length; ++i) {
            char value = html.charAt(i);
            // each character is examined exactly once, so rule order does not matter here
            switch (value) {
                case '&':
                    builder.append("&amp;");
                    break;
                case '<':
                    builder.append("&lt;");
                    break;
                case '>':
                    builder.append("&gt;");
                    break;
                case '"':
                    builder.append("&quot;");
                    break;
                case '\'':
                    builder.append("&#039;");  // or &#39; or &#0039; (&apos; is not supported by IE8, &apos; is not defined in HTML 4)
                    break;
                default:
                    builder.append(value);
                    break;
            }
        }
        return builder.toString();
    }
}
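
The following added example (not part of the original page; the class, method and field names are hypothetical) runs the same five rules in two different orders to show why the `&` rule must come first in the replace-based version, then places the escaped value in element text and in a double-quoted attribute, the two output contexts these rules are meant for.

```java
// Added example; EscapeOrderDemo and its members are hypothetical names.
public class EscapeOrderDemo {

    // The page's five rules with "&" first (correct order).
    static final String[][] AMP_FIRST = {
        {"&", "&amp;"}, {"<", "&lt;"}, {">", "&gt;"}, {"\"", "&quot;"}, {"'", "&#039;"}
    };

    // Same rules with "&" moved to the end (wrong order).
    static final String[][] AMP_LAST = {
        {"<", "&lt;"}, {">", "&gt;"}, {"\"", "&quot;"}, {"'", "&#039;"}, {"&", "&amp;"}
    };

    // Applies the rules one after another, in the given order.
    static String escapeWith(String[][] rules, String input) {
        String result = input;
        for (String[] rule : rules) {
            // replace() is the literal (non-regex) counterpart of replaceAll()
            result = result.replace(rule[0], rule[1]);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample standing in for untrusted input.
        String name = "Tom & \"Jerry\" <b>";

        // Correct order: every special character becomes exactly one entity.
        String good = escapeWith(AMP_FIRST, name);
        System.out.println("amp first: " + good);

        // Wrong order: the "&" of entities created by earlier rules is escaped
        // again, so the browser displays the entity text instead of the character.
        String bad = escapeWith(AMP_LAST, name);
        System.out.println("amp last:  " + bad);

        // Escape at output time. The attribute value is wrapped in double quotes,
        // which is the form the &quot; rule protects.
        String page = "<p>Hello, " + good + "</p>\n"
                    + "<input type=\"text\" value=\"" + good + "\">";
        System.out.println(page);

        // Escaping an already escaped value has the same effect as the wrong
        // order, so escape exactly once, where the value is written into HTML.
        System.out.println("twice:     " + escapeWith(AMP_FIRST, good));
    }
}
```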

 

See also

  1. HTML - characters that should be escaped 
  2. Spring Framework (Spring Boot) - escape html code
