
Java - how to escape HTML special characters?

Created by: LionRanger

In Java, HTML special characters can be escaped in the following ways.

With Spring Framework, we can use HtmlUtils.htmlEscape:

// import org.springframework.web.util.HtmlUtils;

String html = "<p>Some text here...</p>";

String escaped1Html = HtmlUtils.htmlEscape(html);          // "ISO-8859-1" by default
String escaped2Html = HtmlUtils.htmlEscape(html, "UTF-8"); // explicit encoding

 

Notes:

 

Without Spring, we can use one of the custom implementations below:

1. Custom function example - based on replaceAll method

HTMLUtils.java file:

package com.dirask.examples;

import java.io.UnsupportedEncodingException;

public class HTMLUtils {

    private static final String[][] CHARACTERS = {
        {  "&", "&amp;"  }, // keep this rule at first position, otherwise the '&'
                            // of entities inserted by other rules is escaped again
        {  "<", "&lt;"   },
        {  ">", "&gt;"   },
        { "\"", "&quot;" },
        {  "'", "&#039;" }  // or  &#39;  or  &#0039;
                            // &apos;  is not supported by IE8
                            // &apos;  is not defined in HTML 4
    };

    public static String escape(String html) throws UnsupportedEncodingException {
        String result = html;

        for(String[] entry : CHARACTERS) {
            result = result.replaceAll(entry[0], entry[1]);
        }

        return result;
    }
}

Program.java file:

package com.dirask.examples;

import java.io.UnsupportedEncodingException;

public class Program {

    public static void main(String[] args) throws UnsupportedEncodingException {

        String html = "<div class=\"item\">Hi! How are you?</div>";
        String escapedHtml = HTMLUtils.escape(html);

        System.out.println(escapedHtml);
    }
}

Output:

&lt;div class=&quot;item&quot;&gt;Hi! How are you?&lt;/div&gt;

 

2. Optimal solution

This version walks the string once and uses a switch with a StringBuilder, which performs better than running five replaceAll passes in a row.

package com.dirask.examples;

import java.io.UnsupportedEncodingException;

public class HTMLUtils {

    public static String escape(String html) throws UnsupportedEncodingException {
        int length = html.length();
        StringBuilder builder = new StringBuilder(length);

        for (int i = 0; i < length; ++i) {
            char value = html.charAt(i);

            // each character is examined exactly once, so (unlike the
            // replaceAll version) the order of the cases does not matter

            switch (value) {
                case '&':
                    builder.append("&amp;");
                    break;
                case '<':
                    builder.append("&lt;");
                    break;
                case '>':
                    builder.append("&gt;");
                    break;
                case '"':
                    builder.append("&quot;");
                    break;
                case '\'':
                    builder.append("&#039;"); // or  &#39;  or  &#0039;
                                              // &apos;  is not supported by IE8
                                              // &apos;  is not defined in HTML 4
                    break;
                default:
                    builder.append(value);
                    break;
            }
        }

        return builder.toString();
    }
}
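
An added example (not code from the original page) that applies the same five rules to values placed in element text and in a double-quoted attribute, and shows two failure modes: replacing `&` last and escaping the same value twice. `EscapeDemo`, `renderComment`, `isEscaped` and `escapeAmpersandLast` are hypothetical names, and the input strings are constructed.

```java
import java.util.regex.Pattern;

public class EscapeDemo { // hypothetical class name, not from the page

    // Same five rules as the switch-based escape() above.
    static String escape(String s) {
        StringBuilder b = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  b.append("&amp;");  break;
                case '<':  b.append("&lt;");   break;
                case '>':  b.append("&gt;");   break;
                case '"':  b.append("&quot;"); break;
                case '\'': b.append("&#039;"); break;
                default:   b.append(c);
            }
        }
        return b.toString();
    }

    // Deliberately wrong rule order: '&' is replaced last, so the '&' of the
    // entities produced by the earlier rules is escaped a second time.
    static String escapeAmpersandLast(String s) {
        return s.replace("<", "&lt;").replace(">", "&gt;").replace("&", "&amp;");
    }

    // Matches only if no raw < > " ' remains and every '&' starts one of the five entities.
    static final Pattern ESCAPED =
            Pattern.compile("(?:[^&<>\"']|&(?:amp|lt|gt|quot|#039);)*");
    static boolean isEscaped(String s) {
        return ESCAPED.matcher(s).matches();
    }

    // Hypothetical template: values go into a double-quoted attribute and element text.
    static String renderComment(String author, String text) {
        return "<p title=\"" + escape(author) + "\">" + escape(text) + "</p>";
    }

    public static void main(String[] args) {
        String author = "Tom \"T\" O'Neil & Co"; // constructed sample input
        String text = "<b>1 < 2</b>";            // constructed sample input
        System.out.println(renderComment(author, text));
        System.out.println("escaped once:  " + isEscaped(escape(text)));
        System.out.println("raw input:     " + isEscaped(text));
        System.out.println("'&' last:      " + escapeAmpersandLast("<b>"));
        System.out.println("escaped twice: " + escape(escape("a & b")));
    }
}
```

These five entities cover element content and quoted attribute values only; values written into unquoted attributes, script blocks or URLs need an encoder for that context. Escape once, at the point where the value is written into the page, since the function is not idempotent.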

See also

  1. HTML - characters that should be escaped 
  2. Spring Framework (Spring Boot) - escape html code
