How Can I Safely Escape HTML Symbols in Java?

Escaping HTML Symbols in Plain Java: A Recommended Solution

When generating HTML output in Java, it's essential to escape certain characters (<, >, ", &) to prevent them from being interpreted as actual HTML elements. While manual replacements are possible, it can become tedious and error-prone.

Solution: StringEscapeUtils

Apache Commons Lang provides a convenient solution with the StringEscapeUtils class. This class offers a variety of methods for escaping different types of characters in strings, including escaping HTML symbols.

import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
// ...
String source = "The less than sign (<) and ampersand (&amp;) must be escaped before using them in HTML";
String escaped = escapeHtml(source);

Version 3 Compatibility

In Apache Commons Lang version 3, the escapeHtml method has been deprecated in favor of escapeHtml4. To ensure compatibility with version 3, use the following code:

import static org.apache.commons.lang3.StringEscapeUtils.escapeHtml4;
// ...
String source = "The less than sign (<) and ampersand (&amp;) must be escaped before using them in HTML";
String escaped = escapeHtml4(source);

By utilizing StringEscapeUtils, you can efficiently and reliably escape HTML symbols in your Java code while adhering to best practices.

The above is the detailed content of How Can I Safely Escape HTML Symbols in Java?. For more information, please follow other related articles on the PHP Chinese website!