Difference between revisions of "Talk:How to perform HTML entity encoding in Java"

From OWASP
(Reviewers)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
 
==Status==
 
==Status==
Needs review
+
Released [[User:Stephendv|Stephendv]] 09:51, 14 January 2008 (EST)
  
 
==Reviewers==
 
==Reviewers==
Line 12: Line 12:
  
 
     Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported).
 
     Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (') is not a legal entity and so is not supported).
 +
 +
Why go to all the trouble of computing int len and running the for loop if the input String is null? I suggest adding a sanity check to the top of the method:
 +
 +
    if (s == null) return "";

Latest revision as of 16:48, 25 August 2008

Status

Released Stephendv 09:51, 14 January 2008 (EST)

Reviewers

  • Dave Read

General Discussion

The Apache Jakarta Commons Lang package (as of version 2.2) contains a StringEscapeUtils class that contains this functionality. See the escapeHtml(String) method. The documentation states:

   Escapes the characters in a String using HTML entities.
   Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (&apos;) is not a legal entity and so is not supported).

Why go to all the trouble of computing int len and running the for loop if the input String is null? I suggest adding a sanity check to the top of the method:

   if (s == null) return "";
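
The two points raised above, combined in an added example that is not part of this talk page, the OWASP article, or Commons Lang: the null guard comes before any length or loop work, and the apostrophe is written as the numeric reference `&#39;` because `&apos;` is not an HTML 4.0 entity. The class name, the method name `encode`, and the sample strings are assumptions made for illustration.

```java
public final class HtmlEntityEncodeExample {

    // Hypothetical helper; not the method from the OWASP article under discussion.
    static String encode(String s) {
        // Null guard first, so no length computation or loop runs for null input.
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); ) {
            int cp = s.codePointAt(i);          // iterate by code point, not by char
            i += Character.charCount(cp);
            switch (cp) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                // &apos; is not a legal HTML 4.0 entity, so emit the numeric form.
                case '\'': out.append("&#39;");  break;
                default:
                    if (cp >= Character.MIN_SURROGATE && cp <= Character.MAX_SURROGATE) {
                        // Unpaired surrogate: emit the replacement character instead.
                        out.append("&#xFFFD;");
                    } else if (cp > 126) {
                        // Non-ASCII: decimal numeric character reference.
                        out.append("&#").append(cp).append(';');
                    } else {
                        out.appendCodePoint(cp);
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including null and a single-quoted attribute.
        String[] samples = { null, "Tom & Jerry", "<a href='x'>\u00e9</a>", "\"quoted\"" };
        for (String in : samples) {
            System.out.println("[" + encode(in) + "]");
        }
    }
}
```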