Class EscapeTool
- java.lang.Object
-
- org.apache.velocity.tools.generic.EscapeTool
-
public class EscapeTool extends java.lang.ObjectTool for working with escaping in Velocity templates. It provides methods to escape outputs for Java, JavaScript, HTML, HTTP, XML and SQL. Also provides methods to render VTL characters that otherwise needs escaping.Example uses: $java -> He didn't say, "Stop!" $esc.java($java) -> He didn't say, \"Stop!\" $javascript -> He didn't say, "Stop!" $esc.javascript($javascript) -> He didn\'t say, \"Stop!\" $html -> "bread" & "butter" $esc.html($html) -> "bread" & "butter" $xml -> "bread" & "butter" $esc.xml($xml) -> "bread" & "butter" $sql -> McHale's Navy $esc.sql($sql) -> McHale''s Navy $url -> hello here & there $esc.url -> hello+here+%26+there $esc.dollar -> $ $esc.d -> $ $esc.hash -> # $esc.h -> # $esc.backslash -> \ $esc.b -> \ $esc.quote -> " $esc.q -> " $esc.singleQuote -> ' $esc.s -> ' $esc.exclamation -> ! $esc.e -> ! Example toolbox.xml config (if you want to use this with VelocityView): <tool> <key>esc</key> <scope>application</scope> <class>org.apache.velocity.tools.generic.EscapeTool</class> </tool>
This tool is entirely threadsafe, and has no instance members. It may be used in any scope (request, session, or application).
- Since:
- VelocityTools 1.2
- Version:
- $Id: $
- Author:
- Shinobu Kawai
- See Also:
StringEscapeUtils
-
-
Constructor Summary
Constructors Constructor Description EscapeTool()Default constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected java.lang.StringdumpString(java.lang.String string, boolean key)This code was pulled from the Apache Harmony project.java.lang.StringgetB()Renders a backslash (\).java.lang.StringgetBackslash()Renders a backslash (\).java.lang.StringgetD()Renders a dollar sign ($).java.lang.StringgetDollar()Renders a dollar sign ($).java.lang.StringgetE()Renders an exclamation mark (!).java.lang.StringgetExclamation()Renders an exclamation mark (!).java.lang.StringgetH()Renders a hash (#).java.lang.StringgetHash()Renders a hash (#).java.lang.StringgetQ()Renders a double quotation mark (").java.lang.StringgetQuote()Renders a double quotation mark (").java.lang.StringgetS()Renders a single quotation mark (').java.lang.StringgetSingleQuote()Renders a single quotation mark (').java.lang.Stringhtml(java.lang.Object string)Escapes the characters in aStringusing HTML entities.java.lang.Stringjava(java.lang.Object string)Escapes the characters in aStringusing Java String rules.java.lang.Stringjavascript(java.lang.Object string)Escapes the characters in aStringusing JavaScript String rules.java.lang.StringpropertyKey(java.lang.Object string)Escapes the characters in aStringusing java.util.Properties rules for escaping property keys.java.lang.StringpropertyValue(java.lang.Object string)Escapes the characters in aStringusing java.util.Properties rules for escaping property values.java.lang.Stringsql(java.lang.Object string)Escapes the characters in aStringto be suitable to pass to an SQL query.java.lang.Stringurl(java.lang.Object string)Escape the characters in aStringto be suitable to use as an HTTP parameter value.java.lang.Stringxml(java.lang.Object string)Escapes the characters in aStringusing XML entities.
-
-
-
Method Detail
-
java
public java.lang.String java(java.lang.Object string)
Escapes the characters in aStringusing Java String rules.
Delegates the process toStringEscapeUtils.escapeJava(String).- Parameters:
string- the string to escape values, may be null- Returns:
- String with escaped values,
nullif null string input - See Also:
StringEscapeUtils.escapeJava(String)
-
propertyKey
public java.lang.String propertyKey(java.lang.Object string)
Escapes the characters in aStringusing java.util.Properties rules for escaping property keys.- Parameters:
string- the string to escape values, may be null- Returns:
- String with escaped values,
nullif null string input - See Also:
dumpString(String, boolean)
-
propertyValue
public java.lang.String propertyValue(java.lang.Object string)
Escapes the characters in aStringusing java.util.Properties rules for escaping property values.- Parameters:
string- the string to escape values, may be null- Returns:
- String with escaped values,
nullif null string input - See Also:
dumpString(String, boolean)
-
dumpString
protected java.lang.String dumpString(java.lang.String string, boolean key)This code was pulled from the Apache Harmony project. See https://svn.apache.org/repos/asf/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/util/Properties.java
-
javascript
public java.lang.String javascript(java.lang.Object string)
Escapes the characters in aStringusing JavaScript String rules.
Delegates the process toStringEscapeUtils.escapeJavaScript(String).- Parameters:
string- the string to escape values, may be null- Returns:
- String with escaped values,
nullif null string input - See Also:
StringEscapeUtils.escapeJavaScript(String)
-
html
public java.lang.String html(java.lang.Object string)
Escapes the characters in aStringusing HTML entities.
Delegates the process toStringEscapeUtils.escapeHtml(String).- Parameters:
string- the string to escape, may be null- Returns:
- a new escaped
String,nullif null string input - See Also:
StringEscapeUtils.escapeHtml(String)
-
url
public java.lang.String url(java.lang.Object string)
Escape the characters in aStringto be suitable to use as an HTTP parameter value.
Uses UTF-8 as default character encoding.- Parameters:
string- the string to escape, may be null- Returns:
- a new escaped
String,nullif null string input See java.net.URLEncoder#encode(String,String). - Since:
- VelocityTools 1.3
-
xml
public java.lang.String xml(java.lang.Object string)
Escapes the characters in aStringusing XML entities.
Delegates the process toStringEscapeUtils.escapeXml(String).- Parameters:
string- the string to escape, may be null- Returns:
- a new escaped
String,nullif null string input - See Also:
StringEscapeUtils.escapeXml(String)
-
sql
public java.lang.String sql(java.lang.Object string)
Escapes the characters in aStringto be suitable to pass to an SQL query.
Delegates the process toStringEscapeUtils.escapeSql(String).- Parameters:
string- the string to escape, may be null- Returns:
- a new String, escaped for SQL,
nullif null string input - See Also:
StringEscapeUtils.escapeSql(String)
-
getDollar
public java.lang.String getDollar()
Renders a dollar sign ($).- Returns:
- a dollar sign ($).
- See Also:
getD()
-
getD
public java.lang.String getD()
Renders a dollar sign ($).- Returns:
- a dollar sign ($).
- See Also:
getDollar()
-
getHash
public java.lang.String getHash()
Renders a hash (#).- Returns:
- a hash (#).
- See Also:
getH()
-
getH
public java.lang.String getH()
Renders a hash (#).- Returns:
- a hash (#).
- See Also:
getHash()
-
getBackslash
public java.lang.String getBackslash()
Renders a backslash (\).- Returns:
- a backslash (\).
- See Also:
getB()
-
getB
public java.lang.String getB()
Renders a backslash (\).- Returns:
- a backslash (\).
- See Also:
getBackslash()
-
getQuote
public java.lang.String getQuote()
Renders a double quotation mark (").- Returns:
- a double quotation mark (").
- See Also:
getQ()
-
getQ
public java.lang.String getQ()
Renders a double quotation mark (").- Returns:
- a double quotation mark (").
- See Also:
getQuote()
-
getSingleQuote
public java.lang.String getSingleQuote()
Renders a single quotation mark (').- Returns:
- a single quotation mark (').
- See Also:
getS()
-
getS
public java.lang.String getS()
Renders a single quotation mark (').- Returns:
- a single quotation mark (').
- See Also:
getSingleQuote()
-
getExclamation
public java.lang.String getExclamation()
Renders an exclamation mark (!).- Returns:
- an exclamation mark (!).
- See Also:
getE()
-
getE
public java.lang.String getE()
Renders an exclamation mark (!).- Returns:
- an exclamation mark (!).
- See Also:
getExclamation()
-
-