How To Escape Html Exceptional Characters Inwards Jsp In Addition To Java
Escaping HTML particular characters inwards JSP or Java is a mutual chore for Java programmers. There are many ways to escape HTML meta characters inwards Java, to a greater extent than or less of them nosotros convey already seen inwards terminal article escaping XML metacharacters inwards Java. For those who are non familiar amongst HTML particular characters, in that location are 5 e.g. < , >, &, ' in addition to '' and if y'all desire to impress them literally but similar here, Than y'all demand to escape those graphic symbol in addition to then < becomes < , > becomes > in addition to and then on. Of course, y'all tin write your ain custom tag or method for converting HTML particular characters to entity format which browser empathise but y'all don't demand to create this because in that location are to a greater extent than slowly in addition to touchstone agency to escape HTML particular characters inwards JSP in addition to Java. In this JSP in addition to Java tutorial, nosotros volition larn most HTML particular characters in addition to explore to a greater extent than or less techniques to escape them inwards JSP pages in addition to Java code. By the way, this is every bit good a popular JSP Interview question by in addition to large asked 2 years sense programmers.
List of particular HTML Characters needs escaping
Here is a listing of particular HTML characters which needs to live on escaped inwards social club to live on displayed every bit it is literally inwards the browser. The proficient matter is in that location are solely 5 characters that are requires escaping.
> - <
< - >
& - &
' - '
'' - "
How to escape particular HTML Characters inwards JSP
In JSP if y'all are using EL or JSP facial expression for displaying String y'all must convey faced number related to HTML Special characters. Suppose y'all are printing ${info} in addition to if information contains particular HTML characters similar < or > they volition non live on displayed literally similar that instead they volition live on interpreted every bit opening in addition to closing tag past times the browser. Here is a mutual illustration which shows number caused past times HTML particular characters. Suppose In display.jsp nosotros convey next JSP code
<body>
<%
request.setAttribute("specialCharString", "<i> is called italic tag");
%>
HTML: ${specialCharString}
</body>
Output:
HTML: is called italic tag
<%
request.setAttribute("specialCharString", "<i> is called italic tag");
%>
HTML: ${specialCharString}
</body>
Output:
HTML: is called italic tag
It didn't impress <i> instead it brand the text "is called italic tag" italic because browser interpreted "<" angle bracket every bit opening tag. if y'all desire to display angle bracket every bit it is y'all demand to escape it in addition to instead of "<" y'all demand to usage <
so if y'all modify "specialCharString" to "<i> is called italic tag" it's called escaping HTML particular characters in addition to it volition display the text "<i> is called italic tag" every bit it is. Now instead of doing manually in that location are 2 ways to escape HTML characters inwards JSP
1) past times using <c:out> tag
2) past times using EL business office fn:escapeXml(string)
<c:out> tag has an attribute called "escapeXml" if its truthful it escapes all HTML particular graphic symbol inwards "value" attribute. So,
if y'all usage <c:out value=${specialCharString} escapeXml='true'/> it volition display exact text amongst HTML particular characters similar "<" volition live on displayed every bit angle bracket. Here is modified code illustration of displaying HTML particular characters using JSTL substance <c:out> tag:
<body>
<%
request.setAttribute("specialCharString", "<i> is called italic tag");
%>
HTML: <c:out value="${specialCharString}" escapeXml="true"/>
</body>
Output:
HTML: <i> is called italic tag
<%
request.setAttribute("specialCharString", "<i> is called italic tag");
%>
HTML: <c:out value="${specialCharString}" escapeXml="true"/>
</body>
Output:
HTML: <i> is called italic tag
Also past times default escapeXml is truthful in addition to then <c:out/> is equivalent to <c:out escapeXml='true'/>
Another agency to escape XML or HTML particular graphic symbol inwards JSP is past times using EL (Expression Language) business office called escapeXml(string). In social club to usage this business office y'all demand to import functions from JSTL library past times using @taglib directive. hither is an illustration of using EL business office for display particular HTML characters:
<%@taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
HTML: ${fn:escapeXml("<i> is called italic tag")}
Output:
HTML: <i> is called italic tag
HTML: ${fn:escapeXml("<i> is called italic tag")}
Output:
HTML: <i> is called italic tag
Good component subdivision of both approaches is that they are component subdivision of JSTL substance library in addition to then y'all don't demand to add together whatever to a greater extent than dependency for this
functionality.
How to escape HTML Special Characters inwards Java
Even inwards substance Java, If y'all are working amongst HTML or XML document y'all demand to escape those HTML particular characters inwards social club to display them every bit it is. There are lots of opened upward rootage library available which allows y'all to grip HTML particular characters.
here are to a greater extent than or less of them:
1) StringEscapeUtils from Apache's commons-lang library.
2) HtmlUtils from Spring
3) Own custom method using String replace
here is consummate code illustration of using both Apache Commons StringEscapeUtils in addition to Spring framework’s HtmlUtils for escaping HTML particular characters:
import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.HtmlUtils;
/**
* Java programme to escape String inwards Java in addition to HTML.
* This programme converts HTML meta characters to in that location escape form.
*/
public class HtmlEscapeExample {
public static void main(String args[]) {
String input = "This String contains HTML Special characters requires encoding e.g. < in addition to >";
System.out.println("Input: " + input);
System.out.println("Conversion using Spring HtmlUtils: " + HtmlUtils.htmlEscape(input));
System.out.println("Conversion using Apache park StringEscapeUtils: " + StringEscapeUtils.escapeHtml(input));
}
}
Output:
Input: This String contains HTML Special characters requires encoding e.g. < in addition to >
Conversion using Spring HtmlUtils: This String contains HTML Special characters requires encoding e.g. < in addition to >
Conversion using Apache park StringEscapeUtils: This String contains HTML Special characters requires encoding e.g. < in addition to >
* Java programme to escape String inwards Java in addition to HTML.
* This programme converts HTML meta characters to in that location escape form.
*/
public class HtmlEscapeExample {
public static void main(String args[]) {
String input = "This String contains HTML Special characters requires encoding e.g. < in addition to >";
System.out.println("Input: " + input);
System.out.println("Conversion using Spring HtmlUtils: " + HtmlUtils.htmlEscape(input));
System.out.println("Conversion using Apache park StringEscapeUtils: " + StringEscapeUtils.escapeHtml(input));
}
}
Output:
Input: This String contains HTML Special characters requires encoding e.g. < in addition to >
Conversion using Spring HtmlUtils: This String contains HTML Special characters requires encoding e.g. < in addition to >
Conversion using Apache park StringEscapeUtils: This String contains HTML Special characters requires encoding e.g. < in addition to >
That's all on how to escape HTML particular characters inwards JSP in addition to Java code. nosotros convey seen JSTL <c:out> tag to escape HTML inwards JSP in addition to Spring's HtmlUtils for escaping HTML inwards Java, these are my preferred way. On a side note, I would every bit good tell that use
<c:out> tag for displaying String inwards JSP because it prevents cross-site hijacking past times displaying danger java-script code every bit it is past times escaping HTML particular graphic symbol entered past times the user.
Further Learning
What is divergence betwixt Path in addition to Classpath inwards Java
0 Response to "How To Escape Html Exceptional Characters Inwards Jsp In Addition To Java"
Post a Comment