This week's book giveaway is in the JavaScript forum.
We're giving away four copies of Svelte and Sapper in Action and have Mark Volkmann on-line!
See this thread for details.
Win a copy of Svelte and Sapper in Action this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Native Java HTML encode/escape

 
Ranch Hand
Posts: 59
5
Netbeans IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a native way to encode/escape HTML in Java? I specifically ask for native, as using the Apache Commons is not an option. My application uses modules/is compiled to a runnable image, so using the non-module compatible Apache Commons libraries is not an option. It just seems wild to be that something this basic wouldn't be included, but I have not been able to find anything so far. Any insight appreciated.
 
Saloon Keeper
Posts: 22503
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm afraid I don't have the faintest clue what you are asking. If you create a Java (JEE) webapp, it can contain HTML, images of different types, javascript and much more, but I don't know how that fits in with the idea of "escaping" or "encoding" HTML "in Java".
 
Master Rancher
Posts: 3922
36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you post some before and after examples with some comments to explain what was changed.
 
Bartender
Posts: 7302
65
Eclipse IDE Firefox Browser MySQL Database VI Editor Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you mean
This is an '<&>' ampersand enclosed in angle brackets.

changed to
This is an '&lt;&amp;&gt;' ampersand enclosed in angle brackets.
 
Draque Thompson
Ranch Hand
Posts: 59
5
Netbeans IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Carey Brown wrote:Do you mean
This is an '<&>' ampersand enclosed in angle brackets.

changed to
This is an '&lt;&amp;&gt;' ampersand enclosed in angle brackets.



This exactly, sorry for not being more specific. I’m looking for a something that will take any given string and make it safe to just toss into an HTML document to be displayed.

This doesn’t have to cover complex security scenarios, as the pages are generated locally, and based entirely on user created strings.
 
Norm Radder
Master Rancher
Posts: 3922
36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The URLEncoder  class does something like that.  
 
Draque Thompson
Ranch Hand
Posts: 59
5
Netbeans IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Norm Radder wrote:The URLEncoder  class does something like that.  



I found this one, but it unfortunately only has encoding specifically for URLs. It does not take HTML unsafe characters and re-encode them for display on web pages. The functionality that I'm looking for would be the same as is offered by StringEscapeUtils.escapeHtml() from apache-commons. Like I said in the original post though, using the apache commons class is not an option for my project.
 
Marshal
Posts: 3182
466
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why isn't Apache Commons Text an option?
 
Carey Brown
Bartender
Posts: 7302
65
Eclipse IDE Firefox Browser MySQL Database VI Editor Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is a basic encoder. You may or may not want to enhance it by also converting new-lines to <br/>.

 
Tim Holloway
Saloon Keeper
Posts: 22503
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ron McLeod wrote:Why isn't Apache Commons Text an option?



Indeed. WHY???
 
Draque Thompson
Ranch Hand
Posts: 59
5
Netbeans IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:

Ron McLeod wrote:Why isn't Apache Commons Text an option?



Indeed. WHY???



My project requires that libraries have compatibility with the module system. I use jpackage to create platform specific images/installers for, and in that particular case, using the automatic module feature is unfortunately not an option.

I think I'm probably just going to go with the option of keeping track of HTML unsafe characters and replacing them myself, as suggested by Carey for the moment.
 
Ron McLeod
Marshal
Posts: 3182
466
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I haven't had a need to work with the module system, but it appears like the current version does include the module name in the manifest.  Maybe there is more to it that I don't understand?
 
Ron McLeod
Marshal
Posts: 3182
466
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Could you use a Maven plugin like ModiTect to create the module-info.java descriptors that you may need?
 
Draque Thompson
Ranch Hand
Posts: 59
5
Netbeans IDE Python Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have used module info injection for a few libraries that I absolutely cannot do without, but I am limiting that to cases where there is no other work around. It seems like most commonly used libraries are slowly coming fully into Java9+ land, so I’m just trying to be patient there rather than use a method that requires later refactoring, or makes the maven dependencies less standard.
 
Sheriff
Posts: 22000
107
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ron McLeod wrote:Could you use a Maven plugin like ModiTect to create the module-info.java descriptors that you may need?


ModiTect works fine for your own libraries, but commons-text isn't ours to update.

However, I think that commons-text should work just fine. It's an automatic module, yes, but it defines its module name in the Manifest. It has no dependencies that I know of, it doesn't need to hide any package, and doesn't use or provide any service that I know of.
 
I'm all tasted up for a BLT! This tiny ad wants a monte cristo!
the value of filler advertising in 2020
https://coderanch.com/t/730886/filler-advertising
    Bookmark Topic Watch Topic
  • New Topic