Java Source Code Display
package mons.
import java.io.IOE
import java.io.StringW
import java.io.W
import java.util.L
import mons.lang.exception.NestableRuntimeE
* &p&Escapes and unescapes &code&String&/code&s for
* Java, Java Script, HTML, XML, and SQL.&/p&
* @author Apache Software Foundation
* @author Apache Jakarta Turbine
* @author Purple Technology
* @author &a href="mailto:alex&#"&Alexander Day Chaffee&/a&
* @author Antony Riley
* @author Helge Tesgaard
* @author &a href="sean&#"&Sean Brown&/a&
* @author &a href="mailto:ggregory&#"&Gary Gregory&/a&
* @author Phil Steitz
* @author Pete Gieser
* @since 2.0
* @version $Id: StringEscapeUtils.java 0-02-02 14:03:32Z niallp $
public class StringEscapeUtils {
private static final char CSV_DELIMITER = ',';
private static final char CSV_QUOTE = '"';
private static final String CSV_QUOTE_STR = String.valueOf(CSV_QUOTE);
private static final char[] CSV_SEARCH_CHARS = new char[] {CSV_DELIMITER, CSV_QUOTE, CharUtils.CR, CharUtils.LF};
* &p&&code&StringEscapeUtils&/code& instances should NOT be constructed in
* standard programming.&/p&
* &p&Instead, the class should be used as:
* &pre&StringEscapeUtils.escapeJava("foo");&/pre&&/p&
* &p&This constructor is public to permit tools that require a JavaBean
* instance to operate.&/p&
public StringEscapeUtils() {
* &p&Escapes the characters in a &code&String&/code& using Java String rules.&/p&
* &p&Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.) &/p&
* &p&So a tab becomes the characters &code&'\\'&/code& and
* &code&'t'&/code&.&/p&
* &p&The only difference between Java strings and JavaScript strings
* is that in JavaScript, a single quote must be escaped.&/p&
* &p&Example:
* input string: He didn't say, "Stop!"
* output string: He didn't say, \"Stop!\"
* @param str
String to escape values in, may be null
* @return String with escaped values, &code&null&/code& if null string input
public static String escapeJava(String str) {
return escapeJavaStyleString(str, false, false);
* &p&Escapes the characters in a &code&String&/code& using Java String rules to
* a &code&Writer&/code&.&/p&
* &p&A &code&null&/code& string input has no effect.&/p&
* @see #escapeJava(java.lang.String)
* @param out
Writer to write escaped string into
* @param str
String to escape values in, may be null
* @throws IllegalArgumentException if the Writer is &code&null&/code&
* @throws IOException if error occurs on underlying Writer
public static void escapeJava(Writer out, String str) throws IOException {
escapeJavaStyleString(out, str, false, false);
* &p&Escapes the characters in a &code&String&/code& using JavaScript String rules.&/p&
* &p&Escapes any values it finds into their JavaScript String form.
* Deals correctly with quotes and control-chars (tab, backslash, cr, ff, etc.) &/p&
* &p&So a tab becomes the characters &code&'\\'&/code& and
* &code&'t'&/code&.&/p&
* &p&The only difference between Java strings and JavaScript strings
* is that in JavaScript, a single quote must be escaped.&/p&
* &p&Example:
* input string: He didn't say, "Stop!"
* output string: He didn\'t say, \"Stop!\"
* @param str
String to escape values in, may be null
* @return String with escaped values, &code&null&/code& if null string input
public static String escapeJavaScript(String str) {
return escapeJavaStyleString(str, true, true);
* &p&Escapes the characters in a &code&String&/code& using JavaScript String rules
* to a &code&Writer&/code&.&/p&
* &p&A &code&null&/code& string input has no effect.&/p&
* @see #escapeJavaScript(java.lang.String)
* @param out
Writer to write escaped string into
* @param str
String to escape values in, may be null
* @throws IllegalArgumentException if the Writer is &code&null&/code&
* @throws IOException if error occurs on underlying Writer
public static void escapeJavaScript(Writer out, String str) throws IOException {
escapeJavaStyleString(out, str, true, true);
* &p&Worker method for the {@link #escapeJavaScript(String)} method.&/p&
* @param str String to escape values in, may be null
* @param escapeSingleQuotes escapes single quotes if &code&true&/code&
* @param escapeForwardSlash TODO
* @return the escaped string
private static String escapeJavaStyleString(String str, boolean escapeSingleQuotes, boolean escapeForwardSlash) {
if (str == null) {
StringWriter writer = new StringWriter(str.length() * 2);
escapeJavaStyleString(writer, str, escapeSingleQuotes, escapeForwardSlash);
return writer.toString();
} catch (IOException ioe) {
throw new UnhandledException(ioe);
* &p&Worker method for the {@link #escapeJavaScript(String)} method.&/p&
* @param out write to receieve the escaped string
* @param str String to escape values in, may be null
* @param escapeSingleQuote escapes single quotes if &code&true&/code&
* @param escapeForwardSlash TODO
* @throws IOException if an IOException occurs
private static void escapeJavaStyleString(Writer out, String str, boolean escapeSingleQuote,
boolean escapeForwardSlash) throws IOException {
if (out == null) {
throw new IllegalArgumentException("The Writer must not be null");
if (str == null) {
sz = str.length();
for (int i = 0; i & i++) {
char ch = str.charAt(i);
// handle unicode
if (ch & 0xfff) {
out.write("\\u" + hex(ch));
} else if (ch & 0xff) {
out.write("\\u0" + hex(ch));
} else if (ch & 0x7f) {
out.write("\\u00" + hex(ch));
} else if (ch & 32) {
switch (ch) {
case '\b' :
out.write('\\');
out.write('b');
case '\n' :
out.write('\\');
out.write('n');
case '\t' :
out.write('\\');
out.write('t');
case '\f' :
out.write('\\');
out.write('f');
case '\r' :
out.write('\\');
out.write('r');
if (ch & 0xf) {
out.write("\\u00" + hex(ch));
out.write("\\u000" + hex(ch));
switch (ch) {
case '\'' :
if (escapeSingleQuote) {
out.write('\\');
out.write('\'');
case '"' :
out.write('\\');
out.write('"');
case '\\' :
out.write('\\');
out.write('\\');
case '/' :
if (escapeForwardSlash) {
out.write('\\');
out.write('/');
out.write(ch);
* &p&Returns an upper case hexadecimal &code&String&/code& for the given
* character.&/p&
* @param ch The character to convert.
* @return An upper case hexadecimal &code&String&/code&
private static String hex(char ch) {
return Integer.toHexString(ch).toUpperCase(Locale.ENGLISH);
* &p&Unescapes any Java literals found in the &code&String&/code&.
* For example, it will turn a sequence of &code&'\'&/code& and
* &code&'n'&/code& into a newline character, unless the &code&'\'&/code&
* is preceded by another &code&'\'&/code&.&/p&
* @param str
the &code&String&/code& to unescape, may be null
* @return a new unescaped &code&String&/code&, &code&null&/code& if null string input
public static String unescapeJava(String str) {
if (str == null) {
StringWriter writer = new StringWriter(str.length());
unescapeJava(writer, str);
return writer.toString();
} catch (IOException ioe) {
// this should never ever happen while writing to a StringWriter
throw new UnhandledException(ioe);
* &p&Unescapes any Java literals found in the &code&String&/code& to a
* &code&Writer&/code&.&/p&
* &p&For example, it will turn a sequence of &code&'\'&/code& and
* &code&'n'&/code& into a newline character, unless the &code&'\'&/code&
* is preceded by another &code&'\'&/code&.&/p&
* &p&A &code&null&/code& string input has no effect.&/p&
* @param out
the &code&Writer&/code& used to output unescaped characters
* @param str
the &code&String&/code& to unescape, may be null
* @throws IllegalArgumentException if the Writer is &code&null&/code&
* @throws IOException if error occurs on underlying Writer
public static void unescapeJava(Writer out, String str) throws IOException {
if (out == null) {
throw new IllegalArgumentException("The Writer must not be null");
if (str == null) {
int sz = str.length();
StringBuffer unicode = new StringBuffer(4);
boolean hadSlash =
boolean inUnicode =
for (int i = 0; i & i++) {
char ch = str.charAt(i);
if (inUnicode) {
// if in unicode, then we're reading unicode
// values in somehow
unicode.append(ch);
if (unicode.length() == 4) {
// unicode now contains the four hex digits
// which represents our unicode character
int value = Integer.parseInt(unicode.toString(), 16);
out.write((char) value);
unicode.setLength(0);
inUnicode =
hadSlash =
} catch (NumberFormatException nfe) {
throw new NestableRuntimeException("Unable to parse unicode value: " + unicode, nfe);
if (hadSlash) {
// handle an escaped value
hadSlash =
switch (ch) {
case '\\':
out.write('\\');
case '\'':
out.write('\'');
case '\"':
out.write('"');
out.write('\r');
out.write('\f');
out.write('\t');
out.write('\n');
out.write('\b');
// uh-oh, we're in unicode country....
inUnicode =
out.write(ch);
} else if (ch == '\\') {
hadSlash =
out.write(ch);
if (hadSlash) {
// then we're in the weird case of a \ at the end of the
// string, let's output it anyway.
out.write('\\');
* &p&Unescapes any JavaScript literals found in the &code&String&/code&.&/p&
* &p&For example, it will turn a sequence of &code&'\'&/code& and &code&'n'&/code&
* into a newline character, unless the &code&'\'&/code& is preceded by another
* &code&'\'&/code&.&/p&
* @see #unescapeJava(String)
* @param str
the &code&String&/code& to unescape, may be null
* @return A new unescaped &code&String&/code&, &code&null&/code& if null string input
public static String unescapeJavaScript(String str) {
return unescapeJava(str);
* &p&Unescapes any JavaScript literals found in the &code&String&/code& to a
* &code&Writer&/code&.&/p&
* &p&For example, it will turn a sequence of &code&'\'&/code& and &code&'n'&/code&
* into a newline character, unless the &code&'\'&/code& is preceded by another
* &code&'\'&/code&.&/p&
* &p&A &code&null&/code& string input has no effect.&/p&
* @see #unescapeJava(Writer,String)
* @param out
the &code&Writer&/code& used to output unescaped characters
* @param str
the &code&String&/code& to unescape, may be null
* @throws IllegalArgumentException if the Writer is &code&null&/code&
* @throws IOException if error occurs on underlying Writer
public static void unescapeJavaScript(Writer out, String str) throws IOException {
unescapeJava(out, str);
// HTML and XML
//--------------------------------------------------------------------------
* &p&Escapes the characters in a &code&String&/code& using HTML entities.&/p&
* For example:
* &p&&code&"bread" & "butter"&/code&&/p&
* becomes:
* &code&&bread& & &butter&&/code&.
* &p&Supports all known HTML 4.0 entities, including funky accents.
* Note that the commonly used apostrophe escape character (&)
* is not a legal entity and so is not supported). &/p&
* @param str
the &code&String&/code& to escape, may be null
* @return a new escaped &code&String&/code&, &code&null&/code& if null string input
* @see #unescapeHtml(String)
* @see &a href=""&ISO Entities&/a&
* @see &a href=""&HTML 3.2 Character Entities for ISO Latin-1&/a&
* @see &a href=""&HTML 4.0 Character entity references&/a&
* @see &a href=""&HTML 4.01 Character References&/a&
* @see &a href=""&HTML 4.01 Code positions&/a&
public static String escapeHtml(String str) {
if (str == null) {
StringWriter writer = new StringWriter ((int)(str.length() * 1.5));
escapeHtml(writer, str);
return writer.toString();
} catch (IOException ioe) {
//should be impossible
throw new UnhandledException(ioe);
* &p&Escapes the characters in a &code&String&/code& using HTML entities and writes
* them to a &code&Writer&/code&.&/p&
* For example:
* &code&"bread" & "butter"&/code&
* &p&becomes:&/p&
* &code&&bread& & &butter&&/code&.
* &p&Supports all known HTML 4.0 entities, including funky accents.
* Note that the commonly used apostrophe escape character (&)
* is not a legal entity and so is not supported). &/p&
* @param writer
the writer receiving the escaped string, not null
* @param string
the &code&String&/code& to escape, may be null
* @throws IllegalArgumentException if the writer is null
* @throws IOException when &code&Writer&/code& passed throws the exception from
calls to the {@link Writer#write(int)} methods.
* @see #escapeHtml(String)
* @see #unescapeHtml(String)
* @see &a href=""&ISO Entities&/a&
* @see &a href=""&HTML 3.2 Character Entities for ISO Latin-1&/a&
* @see &a href=""&HTML 4.0 Character entity references&/a&
* @see &a href=""&HTML 4.01 Character References&/a&
* @see &a href=""&HTML 4.01 Code positions&/a&
public static void escapeHtml(Writer writer, String string) throws IOException {
if (writer == null ) {
throw new IllegalArgumentException ("The Writer must not be null.");
if (string == null) {
Entities.HTML40.escape(writer, string);
//-----------------------------------------------------------------------
* &p&Unescapes a string containing entity escapes to a string
* containing the actual Unicode characters corresponding to the
* escapes. Supports HTML 4.0 entities.&/p&
* &p&For example, the string "&Fran&ais&"
* will become "&Fran&ais&"&/p&
* &p&If an entity is unrecognized, it is left alone, and inserted
* verbatim into the result string. e.g. "&&x" will
* become "&&x".&/p&
* @param str
the &code&String&/code& to unescape, may be null
* @return a new unescaped &code&String&/code&, &code&null&/code& if null string input
* @see #escapeHtml(Writer, String)
public static String unescapeHtml(String str) {
if (str == null) {
StringWriter writer = new StringWriter ((int)(str.length() * 1.5));
unescapeHtml(writer, str);
return writer.toString();
} catch (IOException ioe) {
//should be impossible
throw new UnhandledException(ioe);
* &p&Unescapes a string containing entity escapes to a string
* containing the actual Unicode characters corresponding to the
* escapes. Supports HTML 4.0 entities.&/p&
* &p&For example, the string "&Fran&ais&"
* will become "&Fran&ais&"&/p&
* &p&If an entity is unrecognized, it is left alone, and inserted
* verbatim into the result string. e.g. "&&x" will
* become "&&x".&/p&
* @param writer
the writer receiving the unescaped string, not null
* @param string
the &code&String&/code& to unescape, may be null
* @throws IllegalArgumentException if the writer is null
* @throws IOException if an IOException occurs
* @see #escapeHtml(String)
public static void unescapeHtml(Writer writer, String string) throws IOException {
if (writer == null ) {
throw new IllegalArgumentException ("The Writer must not be null.");
if (string == null) {
Entities.HTML40.unescape(writer, string);
//-----------------------------------------------------------------------
* &p&Escapes the characters in a &code&String&/code& using XML entities.&/p&
* &p&For example: &tt&"bread" & "butter"&/tt& =&
* &tt&&bread& & &butter&&/tt&.
* &p&Supports only the five basic XML entities (gt, lt, quot, amp, apos).
* Does not support DTDs or external entities.&/p&
* &p&Note that unicode characters greater than 0x7f are currently escaped to
their numerical \\u equivalent. This may change in future releases. &/p&
* @param writer
the writer receiving the unescaped string, not null
* @param str
the &code&String&/code& to escape, may be null
* @throws IllegalArgumentException if the writer is null
* @throws IOException if there is a problem writing
* @see #unescapeXml(java.lang.String)
public static void escapeXml(Writer writer, String str) throws IOException {
if (writer == null ) {
throw new IllegalArgumentException ("The Writer must not be null.");
if (str == null) {
Entities.XML.escape(writer, str);
* &p&Escapes the characters in a &code&String&/code& using XML entities.&/p&
* &p&For example: &tt&"bread" & "butter"&/tt& =&
* &tt&&bread& & &butter&&/tt&.
* &p&Supports only the five basic XML entities (gt, lt, quot, amp, apos).
* Does not support DTDs or external entities.&/p&
* &p&Note that unicode characters greater than 0x7f are currently escaped to
their numerical \\u equivalent. This may change in future releases. &/p&
* @param str
the &code&String&/code& to escape, may be null
* @return a new escaped &code&String&/code&, &code&null&/code& if null string input
* @see #unescapeXml(java.lang.String)
public static String escapeXml(String str) {
if (str == null) {
return Entities.XML.escape(str);
//-----------------------------------------------------------------------
* &p&Unescapes a string containing XML entity escapes to a string
* containing the actual Unicode characters corresponding to the
* escapes.&/p&
* &p&Supports only the five basic XML entities (gt, lt, quot, amp, apos).
* Does not support DTDs or external entities.&/p&
* &p&Note that numerical \\u unicode codes are unescaped to their respective
unicode characters. This may change in future releases. &/p&
* @param writer
the writer receiving the unescaped string, not null
* @param str
the &code&String&/code& to unescape, may be null
* @throws IllegalArgumentException if the writer is null
* @throws IOException if there is a problem writing
* @see #escapeXml(String)
public static void unescapeXml(Writer writer, String str) throws IOException {
if (writer == null ) {
throw new IllegalArgumentException ("The Writer must not be null.");
if (str == null) {
Entities.XML.unescape(writer, str);
* &p&Unescapes a string containing XML entity escapes to a string
* containing the actual Unicode characters corresponding to the
* escapes.&/p&
* &p&Supports only the five basic XML entities (gt, lt, quot, amp, apos).
* Does not support DTDs or external entities.&/p&
* &p&Note that numerical \\u unicode codes are unescaped to their respective
unicode characters. This may change in future releases. &/p&
* @param str
the &code&String&/code& to unescape, may be null
* @return a new unescaped &code&String&/code&, &code&null&/code& if null string input
* @see #escapeXml(String)
public static String unescapeXml(String str) {
if (str == null) {
return Entities.XML.unescape(str);
//-----------------------------------------------------------------------
* &p&Escapes the characters in a &code&String&/code& to be suitable to pass to
* an SQL query.&/p&
* &p&For example,
* &pre&statement.executeQuery("SELECT * FROM MOVIES WHERE TITLE='" +
StringEscapeUtils.escapeSql("McHale's Navy") +
"'");&/pre&
* &p&At present, this method only turns single-quotes into doubled single-quotes
* (&code&"McHale's Navy"&/code& =& &code&"McHale''s Navy"&/code&). It does not
* handle the cases of percent (%) or underscore (_) for use in LIKE clauses.&/p&
* @param str
the string to escape, may be null
* @return a new String, escaped for SQL, &code&null&/code& if null string input
public static String escapeSql(String str) {
if (str == null) {
return StringUtils.replace(str, "'", "''");
//-----------------------------------------------------------------------
* &p&Returns a &code&String&/code& value for a CSV column enclosed in double quotes,
* if required.&/p&
* &p&If the value contains a comma, newline or double quote, then the
String value is returned enclosed in double quotes.&/p&
* &p&Any double quote characters in the value are escaped with another double quote.&/p&
* &p&If the value does not contain a comma, newline or double quote, then the
String value is returned unchanged.&/p&
* see &a href=""&Wikipedia&/a& and
* &a href=""&RFC 4180&/a&.
* @param str the input CSV column String, may be null
* @return the input String, enclosed in double quotes if the value contains a comma,
* newline or double quote, &code&null&/code& if null string input
* @since 2.4
public static String escapeCsv(String str) {
if (StringUtils.containsNone(str, CSV_SEARCH_CHARS)) {
StringWriter writer = new StringWriter();
escapeCsv(writer, str);
return writer.toString();
} catch (IOException ioe) {
// this should never ever happen while writing to a StringWriter
throw new UnhandledException(ioe);
* &p&Writes a &code&String&/code& value for a CSV column enclosed in double quotes,
* if required.&/p&
* &p&If the value contains a comma, newline or double quote, then the
String value is written enclosed in double quotes.&/p&
* &p&Any double quote characters in the value are escaped with another double quote.&/p&
* &p&If the value does not contain a comma, newline or double quote, then the
String value is written unchanged (null values are ignored).&/p&
* see &a href=""&Wikipedia&/a& and
* &a href=""&RFC 4180&/a&.
* @param str the input CSV column String, may be null
* @param out Writer to write input string to, enclosed in double quotes if it contains
* a comma, newline or double quote
* @throws IOException if error occurs on underlying Writer
* @since 2.4
public static void escapeCsv(Writer out, String str) throws IOException {
if (StringUtils.containsNone(str, CSV_SEARCH_CHARS)) {
if (str != null) {
out.write(str);
out.write(CSV_QUOTE);
for (int i = 0; i & str.length(); i++) {
char c = str.charAt(i);
if (c == CSV_QUOTE) {
out.write(CSV_QUOTE); // escape double quote
out.write(c);
out.write(CSV_QUOTE);
* &p&Returns a &code&String&/code& value for an unescaped CSV column. &/p&
* &p&If the value is enclosed in double quotes, and contains a comma, newline
or double quote, then quotes are removed.
* &p&Any double quote escaped characters (a pair of double quotes) are unescaped
to just one double quote. &/p&
* &p&If the value is not enclosed in double quotes, or is and does not contain a
comma, newline or double quote, then the String value is returned unchanged.&/p&
* see &a href=""&Wikipedia&/a& and
* &a href=""&RFC 4180&/a&.
* @param str the input CSV column String, may be null
* @return the input String, with enclosing double quotes removed and embedded double
* quotes unescaped, &code&null&/code& if null string input
* @since 2.4
public static String unescapeCsv(String str) {
if (str == null) {
StringWriter writer = new StringWriter();
unescapeCsv(writer, str);
return writer.toString();
} catch (IOException ioe) {
// this should never ever happen while writing to a StringWriter
throw new UnhandledException(ioe);
* &p&Returns a &code&String&/code& value for an unescaped CSV column. &/p&
* &p&If the value is enclosed in double quotes, and contains a comma, newline
or double quote, then quotes are removed.
* &p&Any double quote escaped characters (a pair of double quotes) are unescaped
to just one double quote. &/p&
* &p&If the value is not enclosed in double quotes, or is and does not contain a
comma, newline or double quote, then the String value is returned unchanged.&/p&
* see &a href=""&Wikipedia&/a& and
* &a href=""&RFC 4180&/a&.
* @param str the input CSV column String, may be null
* @param out Writer to write the input String to, with enclosing double quotes
* removed and embedded double quotes unescaped, &code&null&/code& if null string input
* @throws IOException if error occurs on underlying Writer
* @since 2.4
public static void unescapeCsv(Writer out, String str) throws IOException {
if (str == null) {
if (str.length() & 2) {
out.write(str);
if ( str.charAt(0) != CSV_QUOTE || str.charAt(str.length() - 1) != CSV_QUOTE ) {
out.write(str);
// strip quotes
String quoteless = str.substring(1, str.length() - 1);
if ( StringUtils.containsAny(quoteless, CSV_SEARCH_CHARS) ) {
// deal ie) ""
str = StringUtils.replace(quoteless, CSV_QUOTE_STR + CSV_QUOTE_STR, CSV_QUOTE_STR);
out.write(str);
Copyright © 2011 &/script&
文章很好!挺你!&&&&
