commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Garrett Smith" <dhtmlkitc...@gmail.com>
Subject Re: isEscaped
Date Wed, 03 Sep 2008 02:39:34 GMT
On Tue, Sep 2, 2008 at 7:00 PM, Ted Dunning <ted.dunning@gmail.com> wrote:
> Depends on the goal.
>
> An absolutely precise decision may be rather complex.
>
>
> But a simpler decision that guarantees never to say yes to something that
> has any active HTML is much easier.  I think that absence of <'s and only
> clearly valid entity references makes that true.  It may be that there are
> subtle cases of safely escaped HTML that fall outside this filter.  Whether
> that is a problem for you depends on your application.
>

this & that ?

There are many entities. HTML Entities, XML Entities.

isEscaped would have to account for a negation of all of unescaped entities.

not: < | ' | " | & | \u00a0 should suffice reasonably well. The last
one is nbsp or #160/

Garrett

> On Tue, Sep 2, 2008 at 6:32 PM, F. Andy Seidl
> <faseidl@myst-technology.com>wrote:
>
>> >> Isn't this a pretty simple regex?  Just look for <'s and &'s without
>> entity syntax <<
>>
>> I suspect that creating a really robust test would involve dealing with a
>> number of gotchas.  For example, is this string escaped?
>>
>> StringEscapeUtils.isHtmlEscaped ("Use this HTML:
>> '&lt;b&gt;text&lt;/b&gt;'")
>>
>> -- fas
>>
>> F. Andy Seidl
>> MyST Technology Partners, Inc.
>>
>> -----Original Message-----
>> From: Ted Dunning [mailto:ted.dunning@gmail.com]
>> Sent: Tuesday, September 02, 2008 2:48 PM
>> To: Commons Users List
>> Subject: Re: isEscaped
>>
>> Isn't this a pretty simple regex?  Just look for <'s and &'s without entity
>> syntax.
>>
>> On Tue, Sep 2, 2008 at 11:28 AM, Gabriel Reis <bielmooca@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > Is there any tool to verify if a String is escaped? Something like this:
>> >
>> > assertFalse( StringEscapeUtils.isHtmlEscaped("<b>text</b>") );
>> >
>> > assertTrue( StringEscapeUtils.isHtmlEscaped("&lt;b&gt;text&lt;/b&gt;")
);
>> >
>> >
>> > []s
>> > Gabriel
>> >
>>
>>
>>
>> --
>> ted
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
>> For additional commands, e-mail: user-help@commons.apache.org
>>
>>
>
>
> --
> ted
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org


Mime
View raw message