Method for escaping HTML in Java

Question

Is there a recommended way to escape <, >, " and & characters when outputting HTML in plain Java code? (Other than manually doing the following, that is).

String source = "The less than sign (<) and ampersand (&) must be escaped before using them in HTML";
String escaped = source.replace("<", "&lt;").replace("&", "&amp;"); // ...

developer_1 · Answer 1 · Jan 9, 2019

242

StringEscapeUtils from Apache Commons Lang:

import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
// ...
String source = "The less than sign (<) and ampersand (&) must be escaped before using them in HTML";
String escaped = escapeHtml(source);

For version 3:

import static org.apache.commons.lang3.StringEscapeUtils.escapeHtml4;
// ...
String escaped = escapeHtml4(source);

answered Jan 9, 2019 by developer_1
• 3,320 points

Method for escaping HTML in Java

Your comment on this question:

1 answer to this question.

Your answer

Your comment on this answer:

Related Questions In Java

Overloaded method for null in Java

I am learning looping statements. Can you tell me how 'for-each' works in Java?

What is the use of toString method in Java and how can I use it ?

concat() vs “+” operator : In Java for String concatenation

What is $route service in AngularJs?

Error:Unable to instantiate default tuplizer [org.hibernate.tuple.entity.PojoEntityTuplizer]

How to detect a SQL table's existence in Java?

Error:npm install won't install devDependencies

Xpath in Java for accessing OWL Document

Check if a String is numeric in Java

Subscribe to our Newsletter, and get personalized recommendations.

TRENDING CERTIFICATION COURSES

TRENDING MASTERS COURSES

COMPANY

WORK WITH US

DOWNLOAD APP

CATEGORIES

CATEGORIES

TRENDING BLOG ARTICLES

TRENDING BLOG ARTICLES