HTMLEncoder (java-support 7.4.2 API)

java.lang.Object
- net.shibboleth.utilities.java.support.codec.HTMLEncoder

```
public final class HTMLEncoder
extends Object
```
An HTML encoder derived from the OWASP ESAPI project. The encoded output will be safe for an HTML interpreter as unsafe characters are translated into their safe equivalent.

See Also:

OSJ-69, org.owasp.esapi.Encoder, org.owasp.esapi.reference.DefaultEncoder, org.owasp.esapi.codecs.HTMLEntityCodec

Field Summary

Fields
Modifier and Type	Field and Description
`private static Map<Character,String>`	`CHARACTER_TO_ENTITY_MAP` Map from entity character to name.
`private static String[]`	`HEX` Initialize an array to mark which characters are to be encoded.
`static char[]`	`IMMUNE_HTML` Character set immune from HTML encoding.
`static char[]`	`IMMUNE_HTMLATTR` Character set immune from HTML attribute encoding.
`static char`	`REPLACEMENT_CHAR` Character to replace illegal characters.
`static String`	`REPLACEMENT_HEX` Hex to replace illegal characters.

Constructor Summary

Constructors
Modifier Constructor and Description

private HTMLEncoder()
Constructor.

Constructors
Modifier	Constructor and Description
`private`	`HTMLEncoder()` Constructor.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`private static boolean`	`containsCharacter(char c, char[] array)` Utility to search a char[] for a specific char.
`private static String`	`encode(char[] immune, String input)` Encode a string for safe use in an HTML entity field.
`private static String`	`encodeCharacter(char[] immune, Character toEncode)` Encodes a character for safe use in an HTML entity field.
`static String`	`encodeForHTML(String input)` Encode data for use in HTML using HTML entity encoding
`static String`	`encodeForHTMLAttribute(String input)` Encode data for use in HTML attributes.
`private static String`	`getHexForNonAlphanumeric(char c)` Lookup the hex value of any character that is not alphanumeric.
`private static Map<Character,String>`	`mkCharacterToEntityMap()` Build an unmodifiable map from entity character to name.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- IMMUNE_HTML
```
@Nonnull
public static final char[] IMMUNE_HTML
```
  Character set immune from HTML encoding.
- IMMUNE_HTMLATTR
```
@Nonnull
public static final char[] IMMUNE_HTMLATTR
```
  Character set immune from HTML attribute encoding.
- REPLACEMENT_CHAR
```
@Nonnull
public static final char REPLACEMENT_CHAR
```
  Character to replace illegal characters.
  
  See Also:
  
  Constant Field Values
- REPLACEMENT_HEX
```
@Nonnull
public static final String REPLACEMENT_HEX
```
  Hex to replace illegal characters.
  
  See Also:
  
  Constant Field Values
- CHARACTER_TO_ENTITY_MAP
```
@Nonnull
private static final Map<Character,String> CHARACTER_TO_ENTITY_MAP
```
  Map from entity character to name.
- HEX
```
@Nonnull
private static final String[] HEX
```
  Initialize an array to mark which characters are to be encoded. Store the hex string for that character to save time later. If the character shouldn't be encoded, then store null.

Constructor Detail
- HTMLEncoder
```
private HTMLEncoder()
```
  Constructor.

Method Detail

encodeForHTML
```
@Nullable
public static String encodeForHTML(@Nullable
                                             String input)
```
Encode data for use in HTML using HTML entity encoding
Note that the following characters: 00-08, 0B-0C, 0E-1F, and 7F-9F
cannot be used in HTML.

Parameters:

input - the text to encode for HTML

Returns:

input encoded for HTML

See Also:

HTML Encodings [wikipedia.org], SGML Specification [w3.org], XML Specification [w3.org]

encodeForHTMLAttribute

@Nullable
public static String encodeForHTMLAttribute(@Nullable
                                                      String input)

Encode data for use in HTML attributes.

Parameters:: input - the text to encode for an HTML attribute
Returns:: input encoded for use as an HTML attribute

encode

@Nonnull
private static String encode(@Nonnull
                                      char[] immune,
                                      @Nonnull
                                      String input)

Encode a string for safe use in an HTML entity field.

Parameters:: immune - characters immune from encoding; input - the string to encode
Returns:: the encoded input

encodeCharacter

@Nonnull
private static String encodeCharacter(@Nonnull
                                               char[] immune,
                                               @Nonnull
                                               Character toEncode)

Encodes a character for safe use in an HTML entity field.

Parameters:: immune - characters immune from encoding; toEncode - the character to encode
Returns:: the encoded character

getHexForNonAlphanumeric

@Nonnull
private static String getHexForNonAlphanumeric(@Nonnull
                                                        char c)

Lookup the hex value of any character that is not alphanumeric.

Parameters:: c - the character to lookup.
Returns:: null if alphanumeric or the character code in hex.

containsCharacter

private static boolean containsCharacter(@Nonnull
                                         char c,
                                         @Nonnull
                                         char[] array)

Utility to search a char[] for a specific char.

Parameters:: c - the char; array - the array
Returns:: whether or not the array contains the char

mkCharacterToEntityMap
```
@Nonnull
private static Map<Character,String> mkCharacterToEntityMap()
```
Build an unmodifiable map from entity character to name.

Returns:

unmodifiable map from entity character to name

Class HTMLEncoder

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

IMMUNE_HTML

IMMUNE_HTMLATTR

REPLACEMENT_CHAR

REPLACEMENT_HEX

CHARACTER_TO_ENTITY_MAP

HEX

Constructor Detail

HTMLEncoder