Package org.primefaces.util

Class EscapeUtils

java.lang.Object

org.primefaces.util.EscapeUtils

public class EscapeUtils
extends Object

Utility methods contained herein must be used strictly for the appropriate context, e.g., HTML, HTML attribute, JS string.

Method calls are delegated to safe and well-tried allowlist encoders from owasp-java-encoding.

Method Summary

Modifier and Type	Method	Description
static String	forCDATA(String input)
static String	forCssString(String input)
static String	forCssUrl(String input)
static String	forHtml(String input)
static String	forHtmlAttribute(String input)
static String	forHtmlContent(String input)
static String	forHtmlUnquotedAttribute(String input)
static String	forJava(String input)
static String	forJavaScript(String input)
static String	forJavaScriptAttribute(String input)
static String	forJavaScriptBlock(String input)
static String	forJavaScriptSource(String input)
static String	forJavaScriptVarName(String input)
static String	forUriComponent(String input)
static String	forXml(String input)
static String	forXmlAttribute(String input)
static String	forXmlComment(String input)
static String	forXmlContent(String input)
static String	forXmlTag(String intag)	Ensure a valid XMLElement name is returned. Uses the XMLChar Replaces spaces by underscores, < by .lt, > by .gt.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

forHtml

public static String forHtml(String input)

See Also:

• Encode.forHtml(String)

forHtmlContent

public static String forHtmlContent(String input)

See Also:

• Encode.forHtmlContent(String)

forHtmlAttribute

public static String forHtmlAttribute(String input)

See Also:

• Encode.forHtmlAttribute(String)

forHtmlUnquotedAttribute

public static String forHtmlUnquotedAttribute(String input)

See Also:

• Encode.forHtmlUnquotedAttribute(String)

forCssString

public static String forCssString(String input)

See Also:

• Encode.forCssString(String)

forCssUrl

public static String forCssUrl(String input)

See Also:

• Encode.forCssUrl(String)

forUriComponent

public static String forUriComponent(String input)

See Also:

• Encode.forUriComponent(String)

forXml

public static String forXml(String input)

See Also:

• Encode.forXml(String)

forXmlContent

public static String forXmlContent(String input)

See Also:

• Encode.forXmlContent(String)

forXmlAttribute

public static String forXmlAttribute(String input)

See Also:

• Encode.forXmlAttribute(String)

forXmlComment

public static String forXmlComment(String input)

See Also:

• Encode.forXmlComment(String)

forCDATA

public static String forCDATA(String input)

See Also:

• Encode.forCDATA(String)

forJava

public static String forJava(String input)

See Also:

• Encode.forJava(String)

forJavaScript

public static String forJavaScript(String input)

See Also:

• Encode.forJavaScript(String)

forJavaScriptAttribute

public static String forJavaScriptAttribute(String input)

See Also:

• Encode.forJavaScriptAttribute(String)

forJavaScriptBlock

public static String forJavaScriptBlock(String input)

See Also:

• Encode.forJavaScriptBlock(String)

forJavaScriptSource

public static String forJavaScriptSource(String input)

See Also:

• Encode.forJavaScriptSource(String)

forJavaScriptVarName

public static String forJavaScriptVarName(String input)

forXmlTag

public static String forXmlTag(String intag)

Ensure a valid XMLElement name is returned.
Uses the XMLChar
Replaces spaces by underscores, < by .lt, > by .gt. and all other characters by '.X.', where is the output of Integer.toHexString()

Parameters:

intag - the source for the element name

Returns:

valid XML element name