| Constructor and Description |
|---|
HTMLUtil() |
| Modifier and Type | Method and Description |
|---|---|
static String |
entityToQuote(String str)
Replaces embedded entities for single and double quotes, back to the
correspoding single and double quote characters.
|
static void |
main(String[] args) |
static String |
quoteToEntity(String str)
Replaces all occurences of single and double quotes
with corresponding HTML entities.
|
public HTMLUtil()
public static String quoteToEntity(String str)
<input type=text value='O'Reilly'>O'Reilly could have been typed in by the user (and we are maintaining state so we have to show the value back to the user) or it could have been retrieved from the database. Either way, when the form is resubmitted, it would not be sent properly by the browser.
The embedded single quote in the value trips up the browser, because it prematurely ends the value. One would think that the following backslash-escape would work:
<input type=text value='O\'Reilly'>Unfortunately, escaping like this does not work reliably in firefox, safari or IE.
Here is another example:
<input type=text value="foo"bar">The following escape does not work either:
<input type=text value="foo\"bar">To be safe, all embedded quotes must be encoded using character escapes: (single quote (') as ' ) and double quote (double (") as " ). So
<input type=text value='O'Reilly'>This works fine and is submitted by the browser as O'Reilly
This method is critically useful. Learn it. Live it.
public static String entityToQuote(String str)
quoteToEntity(String)