Package org.primefaces.util

Class EscapeUtils

java.lang.Object
org.primefaces.util.EscapeUtils
public class EscapeUtils extends Object

Utility methods contained herein must be used strictly for the appropriate context, e.g., HTML, HTML attribute, JS string.

Method calls are delegated to safe and well-tried allowlist encoders from owasp-java-encoding.

  • Method Details

    • forHtml

      public static String forHtml(String input)
      See Also:
      • Encode.forHtml(String)

    • forHtmlContent

      public static String forHtmlContent(String input)
      See Also:
      • Encode.forHtmlContent(String)

    • forHtmlAttribute

      public static String forHtmlAttribute(String input)
      See Also:
      • Encode.forHtmlAttribute(String)

    • forHtmlUnquotedAttribute

      public static String forHtmlUnquotedAttribute(String input)
      See Also:
      • Encode.forHtmlUnquotedAttribute(String)

    • forCssString

      public static String forCssString(String input)
      See Also:
      • Encode.forCssString(String)

    • forCssUrl

      public static String forCssUrl(String input)
      See Also:
      • Encode.forCssUrl(String)

    • forUriComponent

      public static String forUriComponent(String input)
      See Also:
      • Encode.forUriComponent(String)

    • forXml

      public static String forXml(String input)
      See Also:
      • Encode.forXml(String)

    • forXmlContent

      public static String forXmlContent(String input)
      See Also:
      • Encode.forXmlContent(String)

    • forXmlAttribute

      public static String forXmlAttribute(String input)
      See Also:
      • Encode.forXmlAttribute(String)

    • forXmlComment

      public static String forXmlComment(String input)
      See Also:
      • Encode.forXmlComment(String)

    • forCDATA

      public static String forCDATA(String input)
      See Also:
      • Encode.forCDATA(String)

    • forJava

      public static String forJava(String input)
      See Also:
      • Encode.forJava(String)

    • forJavaScript

      public static String forJavaScript(String input)
      See Also:
      • Encode.forJavaScript(String)

    • forJavaScriptAttribute

      public static String forJavaScriptAttribute(String input)
      See Also:
      • Encode.forJavaScriptAttribute(String)

    • forJavaScriptBlock

      public static String forJavaScriptBlock(String input)
      See Also:
      • Encode.forJavaScriptBlock(String)

    • forJavaScriptSource

      public static String forJavaScriptSource(String input)
      See Also:
      • Encode.forJavaScriptSource(String)

    • forJavaScriptVarName

      public static String forJavaScriptVarName(String input)

    • forXmlTag

      public static String forXmlTag(String intag)
      Ensure a valid XMLElement name is returned.
      Uses the XMLChar
      Replaces spaces by underscores, < by .lt, > by .gt. and all other characters by '.X.', where is the output of Integer.toHexString()
      Parameters:
      intag - the source for the element name
      Returns:
      valid XML element name