Re: [jetty-users] Escape HTML in Jetty

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Escape HTML in Jetty

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Tue, 6 Mar 2018 08:18:57 +1100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Alex,

note that we don't really represent our libraries as good for content generation, as they are mostly hidden from webapps and only exposed to embedded usage. But sanitizeXmlString should work for HTML escaping as it does < > " \ and &. But you'd better check that there are not other characters that need to be encoded for safe HTML injection.

cheers

On 6 March 2018 at 06:01, Alexander Farber <alexander.farber@xxxxxxxxx> wrote:

Good evening,

what would be a method in Jetty to escape HTML characters in a String?

Is StringUtil.sanitizeXmlString() suitable for that?

Thank you
Alex

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com

References:
- [jetty-users] Escape HTML in Jetty
  - From: Alexander Farber

Prev by Date: [jetty-users] Escape HTML in Jetty
Next by Date: [jetty-users] Executable jar file for embedded jetty application
Previous by thread: [jetty-users] Escape HTML in Jetty
Next by thread: Re: [jetty-users] Escape HTML in Jetty
Index(es):
- Date
- Thread

Breadcrumbs