@Beta @GwtCompatible public final class HtmlEscapers extends Object
Escaper
instances suitable for strings to be included in HTML
attribute values and most elements' text contents. When possible,
avoid manual escaping by using templating systems and high-level APIs that
provide autoescaping.
HTML escaping is particularly tricky: For example, some elements' text contents must not be HTML
escaped. As a result, it is impossible to escape an HTML document
correctly without domain-specific knowledge beyond what HtmlEscapers
provides. We strongly encourage the use of HTML templating systems.
public static Escaper htmlEscaper()
Escaper
instance that escapes HTML metacharacters as
specified by HTML 4.01. The
resulting strings can be used both in attribute values and in most
elements' text contents, provided that the HTML document's character
encoding can encode any non-ASCII code points in the input (as UTF-8 and
other Unicode encodings can).
Note: This escaper only performs minimal escaping to make content
structurally compatible with HTML. Specifically, it does not perform entity
replacement (symbolic or numeric), so it does not replace non-ASCII code
points with character references. This escaper escapes only the following
five ASCII characters: '"&<>
.
Copyright © 2010-2013. All Rights Reserved.