commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Dunning" <ted.dunn...@gmail.com>
Subject Re: isEscaped
Date Wed, 03 Sep 2008 02:00:34 GMT
Depends on the goal.

An absolutely precise decision may be rather complex.


But a simpler decision that guarantees never to say yes to something that
has any active HTML is much easier.  I think that absence of <'s and only
clearly valid entity references makes that true.  It may be that there are
subtle cases of safely escaped HTML that fall outside this filter.  Whether
that is a problem for you depends on your application.

On Tue, Sep 2, 2008 at 6:32 PM, F. Andy Seidl
<faseidl@myst-technology.com>wrote:

> >> Isn't this a pretty simple regex?  Just look for <'s and &'s without
> entity syntax <<
>
> I suspect that creating a really robust test would involve dealing with a
> number of gotchas.  For example, is this string escaped?
>
> StringEscapeUtils.isHtmlEscaped ("Use this HTML:
> '&lt;b&gt;text&lt;/b&gt;'")
>
> -- fas
>
> F. Andy Seidl
> MyST Technology Partners, Inc.
>
> -----Original Message-----
> From: Ted Dunning [mailto:ted.dunning@gmail.com]
> Sent: Tuesday, September 02, 2008 2:48 PM
> To: Commons Users List
> Subject: Re: isEscaped
>
> Isn't this a pretty simple regex?  Just look for <'s and &'s without entity
> syntax.
>
> On Tue, Sep 2, 2008 at 11:28 AM, Gabriel Reis <bielmooca@gmail.com> wrote:
>
> > Hi,
> >
> > Is there any tool to verify if a String is escaped? Something like this:
> >
> > assertFalse( StringEscapeUtils.isHtmlEscaped("<b>text</b>") );
> >
> > assertTrue( StringEscapeUtils.isHtmlEscaped("&lt;b&gt;text&lt;/b&gt;")
);
> >
> >
> > []s
> > Gabriel
> >
>
>
>
> --
> ted
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
> For additional commands, e-mail: user-help@commons.apache.org
>
>


-- 
ted

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message