Class EscapeUtils


  • public class EscapeUtils
    extends Object

    Utility methods contained herein must be used strictly for the appropriate context, e.g. HTML, HTML attribute, JS string.

    Method calls are delegated to safe and well-tried whitelisting encoders from owasp-java-encoding.

    • Method Detail

      • forHtml

        public static String forHtml(String input)
        See Also:
        Encode.forHtml(String)
      • forHtmlContent

        public static String forHtmlContent(String input)
        See Also:
        Encode.forHtmlContent(String)
      • forHtmlAttribute

        public static String forHtmlAttribute(String input)
        See Also:
        Encode.forHtmlAttribute(String)
      • forHtmlUnquotedAttribute

        public static String forHtmlUnquotedAttribute(String input)
        See Also:
        Encode.forHtmlUnquotedAttribute(String)
      • forCssString

        public static String forCssString(String input)
        See Also:
        Encode.forCssString(String)
      • forCssUrl

        public static String forCssUrl(String input)
        See Also:
        Encode.forCssUrl(String)
      • forUriComponent

        public static String forUriComponent(String input)
        See Also:
        Encode.forUriComponent(String)
      • forXml

        public static String forXml(String input)
        See Also:
        Encode.forXml(String)
      • forXmlContent

        public static String forXmlContent(String input)
        See Also:
        Encode.forXmlContent(String)
      • forXmlAttribute

        public static String forXmlAttribute(String input)
        See Also:
        Encode.forXmlAttribute(String)
      • forXmlComment

        public static String forXmlComment(String input)
        See Also:
        Encode.forXmlComment(String)
      • forCDATA

        public static String forCDATA(String input)
        See Also:
        Encode.forCDATA(String)
      • forJava

        public static String forJava(String input)
        See Also:
        Encode.forJava(String)
      • forJavaScript

        public static String forJavaScript(String input)
        See Also:
        Encode.forJavaScript(String)
      • forJavaScriptAttribute

        public static String forJavaScriptAttribute(String input)
        See Also:
        Encode.forJavaScriptAttribute(String)
      • forJavaScriptBlock

        public static String forJavaScriptBlock(String input)
        See Also:
        Encode.forJavaScriptBlock(String)
      • forJavaScriptSource

        public static String forJavaScriptSource(String input)
        See Also:
        Encode.forJavaScriptSource(String)
      • forJavaScriptVarName

        public static String forJavaScriptVarName(String input)
      • forXmlTag

        public static String forXmlTag(String intag)
        Ensure a valid XMLElement name is returned.
        Uses the XMLChar
        Replaces spaces by underscores, < by .lt, > by .gt. and all other characters by '.X.', where X is the output of Integer.toHexString()
        Parameters:
        intag - the source for the element name
        Returns:
        valid XML element name
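
The class description's rule that each method be used strictly for its own context, shown as an added example that is not part of the original documentation or the project's code. It calls the underlying `org.owasp.encoder.Encode` methods listed under "See Also" directly; the class name `ContextEncodingDemo`, the `/search?q=` URL and the sample input are constructed for illustration.

```java
import org.owasp.encoder.Encode;

// Added illustration (hypothetical class name); needs the OWASP Java Encoder on the classpath.
public class ContextEncodingDemo {

    // Renders one untrusted value into four output contexts. The encoder is
    // chosen by where the value lands in the page, not by where it came from.
    static String render(String untrusted) {
        StringBuilder out = new StringBuilder();

        // 1. HTML text node: content encoding is sufficient here.
        out.append("<p>Hello, ").append(Encode.forHtmlContent(untrusted)).append("</p>\n");

        // 2. Quoted HTML attribute value: quotes must be encoded as well.
        out.append("<input type=\"text\" value=\"")
           .append(Encode.forHtmlAttribute(untrusted)).append("\">\n");

        // 3. URL query parameter inside an href: percent-encode the component
        //    first, then encode the result for the attribute that carries it.
        out.append("<a href=\"/search?q=")
           .append(Encode.forHtmlAttribute(Encode.forUriComponent(untrusted)))
           .append("\">search</a>\n");

        // 4. JavaScript string literal inside a <script> block.
        out.append("<script>var name = '")
           .append(Encode.forJavaScriptBlock(untrusted)).append("';</script>\n");

        return out.toString();
    }

    // True when content-encoded output still carries a raw double quote,
    // i.e. it would be unsafe to place inside a quoted attribute value.
    static boolean contentEncodingLeavesQuote(String untrusted) {
        return Encode.forHtmlContent(untrusted).contains("\"");
    }

    public static void main(String[] args) {
        // Constructed sample input with characters significant in each context.
        String untrusted = "O'Reilly \"<b>&</b>\" </script>";

        System.out.println(render(untrusted));
        System.out.println("forHtmlContent leaves a raw double quote: "
                + contentEncodingLeavesQuote(untrusted));
    }
}
```

The final line prints `true` because `Encode.forHtmlContent` does not encode quotation marks, which is why its output cannot be reused in an attribute context.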