HTMLEncoder

java.lang.Object
- net.shibboleth.utilities.java.support.codec.HTMLEncoder

```
public final class HTMLEncoder
extends java.lang.Object
```
An HTML encoder derived from the OWASP ESAPI project. The encoded output will be safe for an HTML interpreter as unsafe characters are translated into their safe equivalent.

See Also:

OSJ-69, org.owasp.esapi.Encoder, org.owasp.esapi.reference.DefaultEncoder, org.owasp.esapi.codecs.HTMLEntityCodec

Field Summary

Fields
Modifier and Type	Field and Description
`private static java.util.Map<java.lang.Character,java.lang.String>`	`CHARACTER_TO_ENTITY_MAP` Map from entity character to name.
`private static java.lang.String[]`	`HEX` Initialize an array to mark which characters are to be encoded.
`static char[]`	`IMMUNE_HTML` Character set immune from HTML encoding.
`static char[]`	`IMMUNE_HTMLATTR` Character set immune from HTML attribute encoding.
`static char`	`REPLACEMENT_CHAR` Character to replace illegal characters.
`static java.lang.String`	`REPLACEMENT_HEX` Hex to replace illegal characters.

Constructor Summary

Constructors
Modifier Constructor and Description

private HTMLEncoder()
Constructor.

Constructors
Modifier	Constructor and Description
`private`	`HTMLEncoder()` Constructor.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`private static boolean`	`containsCharacter(char c, char[] array)` Utility to search a char[] for a specific char.
`private static java.lang.String`	`encode(char[] immune, java.lang.String input)` Encode a string for safe use in an HTML entity field.
`private static java.lang.String`	`encodeCharacter(char[] immune, java.lang.Character toEncode)` Encodes a character for safe use in an HTML entity field.
`static java.lang.String`	`encodeForHTML(java.lang.String input)` Encode data for use in HTML using HTML entity encoding
`static java.lang.String`	`encodeForHTMLAttribute(java.lang.String input)` Encode data for use in HTML attributes.
`private static java.lang.String`	`getHexForNonAlphanumeric(char c)` Lookup the hex value of any character that is not alphanumeric.
`private static java.util.Map<java.lang.Character,java.lang.String>`	`mkCharacterToEntityMap()` Build an unmodifiable map from entity character to name.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - IMMUNE_HTML
```
@Nonnull
public static final char[] IMMUNE_HTML
```
    Character set immune from HTML encoding.
  - IMMUNE_HTMLATTR
```
@Nonnull
public static final char[] IMMUNE_HTMLATTR
```
    Character set immune from HTML attribute encoding.
  - REPLACEMENT_CHAR
```
@Nonnull
public static final char REPLACEMENT_CHAR
```
    Character to replace illegal characters.
    
    See Also:
    
    Constant Field Values
  - REPLACEMENT_HEX
```
@Nonnull
public static final java.lang.String REPLACEMENT_HEX
```
    Hex to replace illegal characters.
    
    See Also:
    
    Constant Field Values
  - CHARACTER_TO_ENTITY_MAP
```
@Nonnull
private static final java.util.Map<java.lang.Character,java.lang.String> CHARACTER_TO_ENTITY_MAP
```
    Map from entity character to name.
  - HEX
```
@Nonnull
private static final java.lang.String[] HEX
```
    Initialize an array to mark which characters are to be encoded. Store the hex string for that character to save time later. If the character shouldn't be encoded, then store null.
- Constructor Detail
  - HTMLEncoder
```
private HTMLEncoder()
```
    Constructor.
- Method Detail
  - encodeForHTML
```
@Nullable
public static java.lang.String encodeForHTML(@Nullable
                                                       java.lang.String input)
```
    Encode data for use in HTML using HTML entity encoding
    Note that the following characters: 00-08, 0B-0C, 0E-1F, and 7F-9F
    cannot be used in HTML.
    
    Parameters:
    
    input - the text to encode for HTML
    
    Returns:
    
    input encoded for HTML
    
    See Also:
    
    HTML Encodings [wikipedia.org], SGML Specification [w3.org], XML Specification [w3.org]
  - encodeForHTMLAttribute
```
@Nullable
public static java.lang.String encodeForHTMLAttribute(@Nullable
                                                                java.lang.String input)
```
    Encode data for use in HTML attributes.
    
    Parameters:
    
    input - the text to encode for an HTML attribute
    
    Returns:
    
    input encoded for use as an HTML attribute
  - encode
```
@Nonnull
private static java.lang.String encode(@Nonnull
                                                char[] immune,
                                                @Nonnull
                                                java.lang.String input)
```
    Encode a string for safe use in an HTML entity field.
    
    Parameters:
    
    immune - characters immune from encoding
    
    input - the string to encode
    
    Returns:
    
    the encoded input
  - encodeCharacter
```
@Nonnull
private static java.lang.String encodeCharacter(@Nonnull
                                                         char[] immune,
                                                         @Nonnull
                                                         java.lang.Character toEncode)
```
    Encodes a character for safe use in an HTML entity field.
    
    Parameters:
    
    immune - characters immune from encoding
    
    toEncode - the character to encode
    
    Returns:
    
    the encoded character
  - getHexForNonAlphanumeric
```
@Nonnull
private static java.lang.String getHexForNonAlphanumeric(@Nonnull
                                                                  char c)
```
    Lookup the hex value of any character that is not alphanumeric.
    
    Parameters:
    
    c - the character to lookup.
    
    Returns:
    
    null if alphanumeric or the character code in hex.
  - containsCharacter
```
private static boolean containsCharacter(@Nonnull
                                         char c,
                                         @Nonnull
                                         char[] array)
```
    Utility to search a char[] for a specific char.
    
    Parameters:
    
    c - the char
    
    array - the array
    
    Returns:
    
    whether or not the array contains the char
  - mkCharacterToEntityMap
```
@Nonnull
private static java.util.Map<java.lang.Character,java.lang.String> mkCharacterToEntityMap()
```
    Build an unmodifiable map from entity character to name.
    
    Returns:
    
    unmodifiable map from entity character to name

Class HTMLEncoder

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

IMMUNE_HTML

IMMUNE_HTMLATTR

REPLACEMENT_CHAR

REPLACEMENT_HEX

CHARACTER_TO_ENTITY_MAP

HEX

Constructor Detail

HTMLEncoder

Method Detail

encodeForHTML

encodeForHTMLAttribute

encode

encodeCharacter

getHexForNonAlphanumeric

containsCharacter

mkCharacterToEntityMap