SafeHtmlUtils class
Utility class containing static methods for escaping and sanitizing strings.
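/**
 * Static helpers that produce {@link SafeHtml} values, either by HTML-escaping
 * a plain string or by wrapping a string the caller already trusts.
 */
class SafeHtmlUtils {
  /**
   * A {@link SafeHtml} wrapping the empty string.
   */
  static final SafeHtml EMPTY_SAFE_HTML = new SafeHtmlString("");

  /**
   * Returns a {@link SafeHtml} containing the HTML-escaped form of the string.
   * This is the entry point to use for any value that is not known to be safe
   * markup (user input, data from a server, and so on).
   *
   * @param s the input String; must not be null
   * @return a {@link SafeHtml} instance
   */
  static SafeHtml fromString(String s) {
    return new SafeHtmlString(htmlEscape(s));
  }

  /**
   * Returns a {@link SafeHtml} constructed from a trusted string, i.e., without
   * escaping the string. No checks are performed, so any markup in the argument
   * is passed through unchanged. The calling code should be carefully reviewed
   * to ensure the argument meets the {@link SafeHtml} contract.
   *
   * @param s the input String
   * @return a {@link SafeHtml} instance
   */
  static SafeHtml fromTrustedString(String s) {
    return new SafeHtmlString(s);
  }

  /**
   * Replaces the five HTML-significant characters in the text with their
   * entity references: {@code &}, {@code <}, {@code >}, {@code "} and
   * {@code '}.
   *
   * The result is suitable for HTML text content and for quoted attribute
   * values. It is not sufficient on its own for unquoted attributes, URLs,
   * script or style contexts.
   *
   * @param text the String to escape; must not be null
   * @return the escaped String
   */
  static String htmlEscape(String text) {
    // '&' has to be replaced first; otherwise the ampersands introduced by
    // the later replacements would be escaped a second time.
    return text
        .replaceAll("&", "&amp;")
        .replaceAll("<", "&lt;")
        .replaceAll(">", "&gt;")
        .replaceAll('"', "&quot;")
        .replaceAll("'", "&#39;");
  }
}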
Static Properties
Static Methods
SafeHtml fromString(String s) #
Returns a {@link SafeHtml} containing the HTML-escaped form of the string.
@param s the input String
@return a {@link SafeHtml} instance
// Escapes the input with htmlEscape and wraps the result as SafeHtml, so any
// markup characters in s are carried as entity text rather than as markup.
static SafeHtml fromString(String s) => new SafeHtmlString(htmlEscape(s));
SafeHtml fromTrustedString(String s) #
Returns a {@link SafeHtml} constructed from a trusted string, i.e., without escaping the string. No checks are performed, so any markup in the argument is passed through unchanged. The calling code should be carefully reviewed to ensure the argument meets the {@link SafeHtml} contract.
@param s the input String
@return a {@link SafeHtml} instance
// Wraps s as SafeHtml exactly as given: no escaping and no validation happen
// here, so the caller is responsible for s meeting the SafeHtml contract.
static SafeHtml fromTrustedString(String s) => new SafeHtmlString(s);
String htmlEscape(String text) #
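// Replaces the five HTML-significant characters (& < > " ') in text with
// their entity references and returns the escaped string. The result is
// suitable for HTML text content and quoted attribute values; it is not
// sufficient on its own for unquoted attributes, URLs, script or style
// contexts. text must not be null.
static String htmlEscape(String text) {
  // '&' has to be replaced first; otherwise the ampersands introduced by the
  // later replacements would be escaped a second time.
  return text
      .replaceAll("&", "&amp;")
      .replaceAll("<", "&lt;")
      .replaceAll(">", "&gt;")
      .replaceAll('"', "&quot;")
      .replaceAll("'", "&#39;");
}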