commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Chaffee / Purple Technology <>
Subject [lang] StringEscapeUtils
Date Mon, 31 Mar 2003 04:02:55 GMT
I've checked in my first pass at StringEscapeUtils.  It handles Java,
JavaScript, and HTML entity escaping and unescaping. 

There are a few nitpicky issues I'd like some consensus on:

* StringEscapeUtils is a bit much to type for a quick static API call
 -- should we rename it EscapeUtils?  It's not like there will be any
 other type of Escape...

* Java strings can handle raw single-quotes inside strings, but I
 don't think JavaScript can (or at least it's dangerous since a
 JS string may very well have ' as a string delimiter).  So on the
 principle that you should escape only what you have to -- why add an
 unnecessary backslash? -- I made escapeJava pass single quotes
 through.  (Unescape still turns \' into ', of course.)  This is a
 change from the existing StringUtils.escape.

* escapeJava now uses lowercase letters for hex codes.  Are there any
 feelings about switching to capital letters?  I prefer caps (like
 \uCAFE instead of \ucafe) but I could go either way.

* I made use of (and thus contributed) my StringPrintWriter class.  Do
 you think it's useful enough to make it part of the public API (and
 add tests and docs for it)?  


* The HTML escaper builds a static hash table mapping entities to
 ints; I still need to make it initialize this lazily so casual users
 don't pay an up-front penalty (however slight) for linking to the

* XML escape, SQL escape. They're both easy, at least in the first
 pass.  But does anyone know how to escape high-bit and control
 chars in SQL?  (I know that JDBC has its own curly-brace escapes;
 that's out of scope for this function.)

* make StringUtils.escape call StringEscapeUtils.escapeJava &c. instead
 of reimplementing.  I'm happy to leave this one be for a while until 
 people are comfortable with the StringEscapeUtils.

* add a Writer-based version for HTML escape and unescape

* I think it'll be ready to roll for 2.0, but if we decide to
 postpone, I'll have to change the build.xml to exclude it from the

 - Alex

Alex Chaffee                     
Purple Technology - Code and Consulting
jGuru - Java News and FAQs       
Gamelan - the Original Java site 
Stinky - Art and Angst           

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message