Liferay 7.0-ce-b4

com.liferay.portal.kernel.util
Class HtmlUtil

java.lang.Object
  extended by com.liferay.portal.kernel.util.HtmlUtil

public class HtmlUtil
extends Object

Provides utility methods for escaping, rendering, replacing, and stripping HTML text. This class uses XSS recommendations from http://www.owasp.org/index.php/Cross_Site_Scripting#How_to_Protect_Yourself when escaping HTML text.
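
The escapers below are context-specific, so a response that mixes several output contexts needs a different method at each sink. The following is an added example, not part of the Liferay documentation or code base: ProfileCard, its parameters and the /search path are hypothetical, and it assumes the code runs inside the portal, where the Html implementation behind HtmlUtil has been set.

```java
import com.liferay.portal.kernel.util.HtmlUtil;

// Added example, not Liferay code. ProfileCard and its parameters are
// hypothetical; every argument is treated as untrusted user input.
public class ProfileCard {

    // Each value passes through the escaper that matches the place
    // where it lands in the output.
    public static String render(
        String displayName, String homepage, String searchTerm) {

        StringBuilder sb = new StringBuilder();

        // HREF attribute: a complete, user-supplied link target.
        sb.append("<a href=\"");
        sb.append(HtmlUtil.escapeHREF(homepage));

        // Attribute value: the tooltip sits inside a quoted attribute.
        sb.append("\" title=\"");
        sb.append(HtmlUtil.escapeAttribute(displayName));

        // HTML context: text between tags.
        sb.append("\">");
        sb.append(HtmlUtil.escape(displayName));
        sb.append("</a>");

        // URL value: the search term is a single query-string value.
        // The finished link is then written into an attribute, so it
        // is escaped a second time for that outer context.
        String searchLink = "/search?q=" + HtmlUtil.escapeURL(searchTerm);

        sb.append(" <a href=\"");
        sb.append(HtmlUtil.escapeAttribute(searchLink));
        sb.append("\">posts</a>");

        // JavaScript context: the value sits inside a quoted string
        // literal. HtmlUtil.escape() would be the wrong choice here,
        // because it targets HTML markup, not JavaScript string syntax.
        sb.append("<script>var profileName = '");
        sb.append(HtmlUtil.escapeJS(displayName));
        sb.append("';</script>");

        return sb.toString();
    }
}
```

When reviewing templates, check each sink against the method used: the same displayName appears three times above and is escaped three different ways.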


Constructor Summary
HtmlUtil()
           
 
Method Summary
static String buildData(Map<String,Object> data)
           
static String escape(String text)
          Escapes the text so that it is safe to use in an HTML context.
static String escape(String text, int mode)
          Escapes the input text as a hexadecimal value, based on the mode (type).
static String escapeAttribute(String attribute)
          Escapes the attribute value so that it is safe to use as an attribute value.
static String escapeCSS(String css)
          Escapes the CSS value so that it is safe to use in a CSS context.
static String escapeHREF(String href)
          Escapes the HREF attribute so that it is safe to use as an HREF attribute.
static String escapeJS(String js)
          Escapes the JavaScript value so that it is safe to use in a JavaScript context.
static String escapeJSLink(String link)
           
static String escapeURL(String url)
          Escapes the URL value so that it is safe to use as a URL.
static String escapeXPath(String xPath)
           
static String escapeXPathAttribute(String xPathAttribute)
           
static String extractText(String html)
          Extracts the raw text from the HTML input, compressing its whitespace and removing all attributes, scripts, and styles.
static String fromInputSafe(String text)
           
static String getAUICompatibleId(String html)
           
static Html getHtml()
           
static String render(String html)
          Renders the HTML content into text.
static String replaceMsWordCharacters(String text)
          Deprecated. As of 7.0.0, with no direct replacement
static String replaceNewLine(String html)
          Replaces all new lines or carriage returns with the <br /> HTML tag.
 void setHtml(Html html)
           
static String stripBetween(String text, String tag)
          Strips all content delimited by the tag out of the text.
static String stripComments(String text)
          Strips all XML comments out of the text.
static String stripHtml(String text)
           
static String toInputSafe(String text)
          Encodes the text so that it's safe to use as an HTML input field value.
static String unescape(String text)
           
static String unescapeCDATA(String text)
           
static String wordBreak(String text, int columns)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HtmlUtil

public HtmlUtil()
Method Detail

buildData

public static String buildData(Map<String,Object> data)

escape

public static String escape(String text)
Escapes the text so that it is safe to use in an HTML context.

Parameters:
text - the text to escape
Returns:
the escaped HTML text, or null if the text is null

escape

public static String escape(String text,
                            int mode)
Escapes the input text as a hexadecimal value, based on the mode (type).

Parameters:
text - the text to escape
mode - the encoding type
Returns:
the escaped hexadecimal value of the input text, based on the mode, or null if the text is null
See Also:
HtmlImpl.escape(String, int)

escapeAttribute

public static String escapeAttribute(String attribute)
Escapes the attribute value so that it is safe to use as an attribute value.

Parameters:
attribute - the attribute to escape
Returns:
the escaped attribute value, or null if the attribute value is null

escapeCSS

public static String escapeCSS(String css)
Escapes the CSS value so that it is safe to use in a CSS context.

Parameters:
css - the CSS value to escape
Returns:
the escaped CSS value, or null if the CSS value is null

escapeHREF

public static String escapeHREF(String href)
Escapes the HREF attribute so that it is safe to use as an HREF attribute.

Parameters:
href - the HREF attribute to escape
Returns:
the escaped HREF attribute, or null if the HREF attribute is null

escapeJS

public static String escapeJS(String js)
Escapes the JavaScript value so that it is safe to use in a JavaScript context.

Parameters:
js - the JavaScript value to escape
Returns:
the escaped JavaScript value, or null if the JavaScript value is null

escapeJSLink

public static String escapeJSLink(String link)

escapeURL

public static String escapeURL(String url)
Escapes the URL value so that it is safe to use as a URL.

Parameters:
url - the URL value to escape
Returns:
the escaped URL value, or null if the URL value is null

escapeXPath

public static String escapeXPath(String xPath)

escapeXPathAttribute

public static String escapeXPathAttribute(String xPathAttribute)

extractText

public static String extractText(String html)
Extracts the raw text from the HTML input, compressing its whitespace and removing all attributes, scripts, and styles.

For example, raw text returned by this method can be stored in a search index.

Parameters:
html - the HTML text
Returns:
the raw text from the HTML input, or null if the HTML input is null

fromInputSafe

public static String fromInputSafe(String text)

getAUICompatibleId

public static String getAUICompatibleId(String html)

getHtml

public static Html getHtml()

render

public static String render(String html)
Renders the HTML content into text. This provides a human readable version of the segment content that is modeled on the way Mozilla Thunderbird® and other email clients provide an automatic conversion of HTML content to text in their alternative MIME encoding of emails.

Using the default settings, the output complies with the Text/Plain; Format=Flowed (DelSp=No) protocol described in RFC-3676.

Parameters:
html - the HTML text
Returns:
the rendered HTML text, or null if the HTML text is null

replaceMsWordCharacters

@Deprecated
public static String replaceMsWordCharacters(String text)
Deprecated. As of 7.0.0, with no direct replacement

Replaces all Microsoft® Word Unicode characters with plain HTML entities or characters.

Parameters:
text - the text
Returns:
the converted text, or null if the text is null

replaceNewLine

public static String replaceNewLine(String html)
Replaces all new lines or carriage returns with the <br /> HTML tag.

Parameters:
html - the text
Returns:
the converted text, or null if the HTML text is null

stripBetween

public static String stripBetween(String text,
                                  String tag)
Strips all content delimited by the tag out of the text.

If the tag appears multiple times, all occurrences (including the tag) are stripped. The tag may have attributes. In order for this method to recognize the tag, it must consist of a separate opening and closing tag. Self-closing tags remain in the result.

Parameters:
text - the text
tag - the tag used for delimiting, which should only be the tag's name (e.g. no <)
Returns:
the text, without the stripped tag and its contents, or null if the text is null

stripComments

public static String stripComments(String text)
Strips all XML comments out of the text.

Parameters:
text - the text
Returns:
the text, without the stripped XML comments, or null if the text is null

stripHtml

public static String stripHtml(String text)

toInputSafe

public static String toInputSafe(String text)
Encodes the text so that it's safe to use as an HTML input field value.

For example, the & character is replaced by &amp;.

Parameters:
text - the text
Returns:
the encoded text that is safe to use as an HTML input field value, or null if the text is null

unescape

public static String unescape(String text)

unescapeCDATA

public static String unescapeCDATA(String text)

wordBreak

public static String wordBreak(String text,
                               int columns)

setHtml

public void setHtml(Html html)
