Escape HTML

This example shows how to escape HTML characters using plain Java, Guava, Apache Commons and Spring Framework.

Setup

private static final String HTML_TO_ESCAPE = "<html><p>Escape this</p></html>";

Straight up Java

@Test
public void escape_html_with_straight_java () {

    // Not recommended: this hand-rolled chain leaves the single quote (') unescaped
    String escapedHtml = HTML_TO_ESCAPE
                            .replaceAll("&", "&amp;")
                            .replaceAll("\"", "&quot;")
                            .replaceAll("<", "&lt;")
                            .replaceAll(">", "&gt;");

    assertEquals("&lt;html&gt;&lt;p&gt;Escape this&lt;/p&gt;&lt;/html&gt;", escapedHtml);
}

Google Guava

Guava's HtmlEscapers escapes HTML metacharacters as specified by HTML 4.01.

@Test
public void escape_html_with_guava () {

    // com.google.common.html.HtmlEscapers escapes the following: '"&<>
    String escapedHtml = HtmlEscapers.htmlEscaper().escape(HTML_TO_ESCAPE);

    assertEquals("&lt;html&gt;&lt;p&gt;Escape this&lt;/p&gt;&lt;/html&gt;", escapedHtml);
}

Spring Framework

Spring Framework's HtmlUtils.htmlEscape escapes special characters as HTML character references, based on the HTML 4.01 recommendation.

@Test
public void escape_html_with_spring () {

    // HtmlUtils is org.springframework.web.util.HtmlUtils
    String escapedHtml = HtmlUtils.htmlEscape(HTML_TO_ESCAPE);

    assertEquals("&lt;html&gt;&lt;p&gt;Escape this&lt;/p&gt;&lt;/html&gt;", escapedHtml);
}

Apache Commons

This snippet escapes HTML special characters in a Java string with Apache Commons.

@Test
public void escape_html_with_apache_commons () {

    // StringEscapeUtils.escapeHtml4 is available in org.apache.commons.lang3 and org.apache.commons.text
    // escapes "&<>, ISO-8859-1 characters and additional entities
    String escapedHTML = StringEscapeUtils.escapeHtml4(HTML_TO_ESCAPE);

    // escapedHTML = &lt;html&gt;&lt;p&gt;Escape this&lt;/p&gt;&lt;/html&gt;
    assertEquals("&lt;html&gt;&lt;p&gt;Escape this&lt;/p&gt;&lt;/html&gt;", escapedHTML);

}
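The test string used throughout this page contains only < and >, so all four approaches produce the same output. The following added example (not part of the original page; the class name, method names and sample inputs are constructed for illustration) uses only the JDK to compare the hand-rolled chain with a single-pass escaper covering the five characters '"&<> and shows where the results differ.

```java
public class EscapeComparison {

    // Hand-rolled chain from the page: handles & " < > but not the single quote.
    static String escapeHandRolled(String s) {
        return s.replace("&", "&amp;")
                .replace("\"", "&quot;")
                .replace("<", "&lt;")
                .replace(">", "&gt;");
    }

    // Hypothetical single-pass escaper covering ' " & < >.
    // The entity chosen for each character is this example's assumption.
    static String escapeFive(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the page.
        String[] samples = {
            "<html><p>Escape this</p></html>",   // same as HTML_TO_ESCAPE
            "Tim O'Reilly & \"Sons\"",           // contains a single quote
            "&lt;already escaped&gt;"            // escaping twice changes the text
        };
        for (String s : samples) {
            System.out.println("input      : " + s);
            System.out.println("hand-rolled: " + escapeHandRolled(s));
            System.out.println("five-char  : " + escapeFive(s));
            // In a single-quoted attribute, a surviving ' ends the value early.
            System.out.println("attribute  : <input value='" + escapeHandRolled(s) + "'>");
            System.out.println("attribute  : <input value='" + escapeFive(s) + "'>");
            System.out.println();
        }
    }
}
```

Compile and run with `javac EscapeComparison.java && java EscapeComparison`; the second sample is the one where the two escapers disagree.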