Saturday, November 9, 2019

How to Escape HTML Special Characters in JSP and Java

Escaping HTML special characters in JSP or Java is a common task for Java programmers. There are many ways to escape HTML meta characters in Java, some of which we have already seen in the last article, on escaping XML metacharacters in Java. For those who are not familiar with HTML special characters, there are five: <, >, &, ' and ". If you want to print them literally, just like here, then you need to escape those characters, so < becomes &lt;, > becomes &gt; and so on. Of course, you can write your own custom tag or method for converting HTML special characters to the entity format which the browser understands, but you don't need to do this because there are easier and more standard ways to escape HTML special characters in JSP and Java. In this JSP and Java tutorial, we will learn about HTML special characters and explore some techniques to escape them in JSP pages and Java code. By the way, this is also a popular JSP interview question, more often than not asked of programmers with 2 years of experience.

List of special HTML characters that need escaping
Here is a list of special HTML characters which need to be escaped in order to be displayed literally in the browser. The good thing is that there are only five characters that require escaping.

<  - &lt;
>  - &gt;
&  - &amp;
'  - &#039;
"  - &#034;


How to escape special HTML characters in JSP

In JSP, if you are using EL or a JSP expression for displaying a String, you must have faced issues related to HTML special characters. Suppose you are printing ${info} and info contains special HTML characters like < or >; they will not be displayed literally, instead they will be interpreted as opening and closing tags by the browser. Here is a common example which shows the issue caused by HTML special characters. Suppose in display.jsp we have the following JSP code:

<body>
     <%
   request.setAttribute("specialCharString", "<i> is called italic tag");
    %>
 
    HTML: ${specialCharString}
</body>

Output:
HTML: is called italic tag

It didn't print <i>; instead it made the text "is called italic tag" italic, because the browser interpreted the "<" angle bracket as an opening tag. If you want to display the angle bracket as it is, you need to escape it, and instead of "<" you need to use &lt;. So if you change "specialCharString" to "&lt;i&gt; is called italic tag", it will display the text "<i> is called italic tag" as it is; this is called escaping HTML special characters. Now, instead of doing this manually, there are two ways to escape HTML characters in JSP:

1) by using the <c:out> tag
2) by using the EL function fn:escapeXml(string)

The <c:out> tag has an attribute called "escapeXml"; if it is true, it escapes all HTML special characters in the "value" attribute. So, if you use <c:out value="${specialCharString}" escapeXml="true"/>, it will display the exact text, and HTML special characters like "<" will be displayed as an angle bracket. Here is a modified code example of displaying HTML special characters using the JSTL core <c:out> tag:

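<%-- Import the JSTL core tag library so the c: prefix resolves --%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<body>
<%
request.setAttribute("specialCharString", "<i> is called italic tag");
%>

HTML: <c:out value="${specialCharString}" escapeXml="true"/>
</body>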

Output:
HTML: <i> is called italic tag

Also, by default escapeXml is true, so <c:out/> is equivalent to <c:out escapeXml='true'/>.

Another way to escape XML or HTML special characters in JSP is by using the EL (Expression Language) function called escapeXml(string). In order to use this function, you need to import the functions from the JSTL library by using the @taglib directive. Here is an example of using the EL function to display special HTML characters:

<%@taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
HTML: ${fn:escapeXml("<i> is called italic tag")}

Output:
HTML: <i> is called italic tag

The good part of both approaches is that they are part of the JSTL core library, so you don't need to add any more dependencies for this functionality.

How to escape HTML special characters in Java
Even in core Java, if you are working with an HTML or XML document you need to escape those HTML special characters in order to display them as they are. There are lots of open source libraries available which allow you to handle HTML special characters. Here are some of them:

1) StringEscapeUtils from Apache's commons-lang library.
2) HtmlUtils from Spring
3) Own custom method using String replace

Here is a complete code example of using both Apache Commons StringEscapeUtils and the Spring framework's HtmlUtils for escaping HTML special characters:

import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.web.util.HtmlUtils;

/**
 * Java program to escape a String in Java and HTML.
 * This program converts HTML meta characters to their escaped form.
 */

public class HtmlEscapeExample {

    public static void main(String[] args) {
        String input = "This String contains HTML Special characters requires encoding e.g. < and >";
        System.out.println("Input: " + input);
        // Spring's HtmlUtils escapes the HTML special characters
        System.out.println("Conversion using Spring HtmlUtils: " + HtmlUtils.htmlEscape(input));
        // Apache Commons Lang StringEscapeUtils does the same conversion
        System.out.println("Conversion using Apache common StringEscapeUtils: " + StringEscapeUtils.escapeHtml(input));
    }
}

Output:
Input: This String contains HTML Special characters requires encoding e.g. < and >
Conversion using Spring HtmlUtils: This String contains HTML Special characters requires encoding e.g. &lt; and &gt;
Conversion using Apache common StringEscapeUtils: This String contains HTML Special characters requires encoding e.g. &lt; and &gt;
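
The third option in the list above, a custom method, written out as an added example (not code from the original post): a single-pass escaper that uses the five entities from the table on this page. The class and method names are hypothetical and the sample inputs are constructed; brokenEscape shows why chained String.replace calls must handle & first.

```java
public class CustomHtmlEscaper {

    /** Escapes the five HTML special characters listed on this page in one pass. */
    public static String escapeHtml(String input) {
        if (input == null) {
            return null; // nothing to escape
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Pitfall: chained replace calls with '&' handled last. The '&' of the
     * entities written by the earlier calls is escaped a second time.
     */
    static String brokenEscape(String input) {
        return input.replace("<", "&lt;").replace(">", "&gt;").replace("&", "&amp;");
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including markup a user might submit
        String[] samples = {
            "<i> is called italic tag",
            "Tom & Jerry's \"show\"",
            "<script>alert(1)</script>"
        };
        for (String s : samples) {
            System.out.println(escapeHtml(s));
        }
        // Double-escaped result of the wrong replacement order
        System.out.println(brokenEscape("<i>"));
    }
}
```

This escaping is meant for values placed in HTML text or quoted attribute values; values written into script blocks or URLs need encoding for those contexts instead.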


That's all on how to escape HTML special characters in JSP and Java code. We have seen the JSTL <c:out> tag to escape HTML in JSP and Spring's HtmlUtils for escaping HTML in Java; these are my preferred ways. On a side note, I would also say: use the <c:out> tag for displaying Strings in JSP, because it prevents cross-site scripting (XSS) by displaying dangerous JavaScript code as it is, by escaping the HTML special characters entered by the user.
