|
Liferay 7.0-ce-b4 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectcom.liferay.portal.kernel.util.HtmlUtil
public class HtmlUtil
Provides utility methods for escaping, rendering, replacing, and stripping HTML text. This class uses XSS recommendations from http://www.owasp.org/index.php/Cross_Site_Scripting#How_to_Protect_Yourself when escaping HTML text.
| Constructor Summary | |
|---|---|
HtmlUtil()
|
|
| Method Summary | |
|---|---|
static String |
buildData(Map<String,Object> data)
|
static String |
escape(String text)
Escapes the text so that it is safe to use in an HTML context. |
static String |
escape(String text,
int mode)
Escapes the input text as a hexadecimal value, based on the mode (type). |
static String |
escapeAttribute(String attribute)
Escapes the attribute value so that it is safe to use as an attribute value. |
static String |
escapeCSS(String css)
Escapes the CSS value so that it is safe to use in a CSS context. |
static String |
escapeHREF(String href)
Escapes the HREF attribute so that it is safe to use as an HREF attribute. |
static String |
escapeJS(String js)
Escapes the JavaScript value so that it is safe to use in a JavaScript context. |
static String |
escapeJSLink(String link)
|
static String |
escapeURL(String url)
Escapes the URL value so that it is safe to use as a URL. |
static String |
escapeXPath(String xPath)
|
static String |
escapeXPathAttribute(String xPathAttribute)
|
static String |
extractText(String html)
Extracts the raw text from the HTML input, compressing its whitespace and removing all attributes, scripts, and styles. |
static String |
fromInputSafe(String text)
|
static String |
getAUICompatibleId(String html)
|
static Html |
getHtml()
|
static String |
render(String html)
Renders the HTML content into text. |
static String |
replaceMsWordCharacters(String text)
Deprecated. As of 7.0.0, with no direct replacement |
static String |
replaceNewLine(String html)
Replaces all new lines or carriage returns with the
HTML tag. |
void |
setHtml(Html html)
|
static String |
stripBetween(String text,
String tag)
Strips all content delimited by the tag out of the text. |
static String |
stripComments(String text)
Strips all XML comments out of the text. |
static String |
stripHtml(String text)
|
static String |
toInputSafe(String text)
Encodes the text so that it's safe to use as an HTML input field value. |
static String |
unescape(String text)
|
static String |
unescapeCDATA(String text)
|
static String |
wordBreak(String text,
int columns)
|
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public HtmlUtil()
| Method Detail |
|---|
public static String buildData(Map<String,Object> data)
public static String escape(String text)
text - the text to escape
null if the text is
null
public static String escape(String text,
int mode)
text - the text to escapemode - the encoding type
null if the text is nullHtmlImpl.escape(String, int)public static String escapeAttribute(String attribute)
attribute - the attribute to escape
null if the
attribute value is nullpublic static String escapeCSS(String css)
css - the CSS value to escape
null if the CSS value is
nullpublic static String escapeHREF(String href)
href - the HREF attribute to escape
null if the HREF
attribute is nullpublic static String escapeJS(String js)
js - the JavaScript value to escape
null if the
JavaScript value is nullpublic static String escapeJSLink(String link)
public static String escapeURL(String url)
url - the URL value to escape
null if the URL value is
nullpublic static String escapeXPath(String xPath)
public static String escapeXPathAttribute(String xPathAttribute)
public static String extractText(String html)
For example, raw text returned by this method can be stored in a search index.
html - the HTML text
null if the
HTML input is nullpublic static String fromInputSafe(String text)
public static String getAUICompatibleId(String html)
public static Html getHtml()
public static String render(String html)
Using the default settings, the output complies with the
Text/Plain; Format=Flowed (DelSp=No) protocol described in
RFC-3676.
html - the HTML text
null if the HTML text is
null@Deprecated public static String replaceMsWordCharacters(String text)
text - the text
null if the text is
nullpublic static String replaceNewLine(String html)
HTML tag.
html - the text
null if the HTML text is
null
public static String stripBetween(String text,
String tag)
If the tag appears multiple times, all occurrences (including the tag) are stripped. The tag may have attributes. In order for this method to recognize the tag, it must consist of a separate opening and closing tag. Self-closing tags remain in the result.
text - the texttag - the tag used for delimiting, which should only be the tag's
name (e.g. no <)
null if the text is nullpublic static String stripComments(String text)
text - the text
null
if the text is nullpublic static String stripHtml(String text)
public static String toInputSafe(String text)
For example, the & character is replaced by
&.
text - the text
null if the text is nullpublic static String unescape(String text)
public static String unescapeCDATA(String text)
public static String wordBreak(String text,
int columns)
public void setHtml(Html html)
|
Liferay 7.0-ce-b4 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||