Escape processing is performed when a macro string in an HTML template is replaced with a parameter.
This article uses `unbescape`.
Although its HTML5 support is not specified, `Apache Commons Text` can also be used.
This library was included in spring-boot-starter-thymeleaf, so if you are using something related to Spring Boot, you may not need to do anything.
For the time being, the repository of Maven is as follows.
I tried escaping with reference to the following article.
- HTML escape processing with JavaScript - Qiita

You can escape with `HtmlEscape.escapeHtml5`.
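Verification code

```kotlin
import org.unbescape.html.HtmlEscape

fun main() {
    // One line per character that is significant in HTML markup
    val value = """
        &: &
        ': '
        `: `
        ": "
        <: <
        >: >
    """.trimIndent()
    println(HtmlEscape.escapeHtml5(value))
}
```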
All but backticks have been escaped.
Execution result

```
&: &amp;
': &#x27;
`: &#x60;
": &quot;
<: &lt;
>: &gt;
```
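The following is an added example, not code from the original article: it applies `HtmlEscape.escapeHtml5` at the point where a template macro is replaced with a parameter. The `{{name}}` macro syntax, the `render` function and the sample values are assumptions made for illustration.

```kotlin
import org.unbescape.html.HtmlEscape

// Hypothetical macro syntax for this example: {{name}}
private val MACRO = Regex("""\{\{(\w+)\}\}""")

/**
 * Replaces each {{name}} macro with the HTML5-escaped parameter value.
 * The template is scanned once, so macro-like text inside a parameter
 * value is never expanded a second time.
 */
fun render(template: String, params: Map<String, String>): String =
    MACRO.replace(template) { m ->
        val name = m.groupValues[1]
        // Fail loudly instead of emitting an unreplaced macro
        val raw = params[name]
            ?: throw IllegalArgumentException("no value for macro: $name")
        HtmlEscape.escapeHtml5(raw)
    }

fun main() {
    // Constructed sample template and parameters
    val template = """<p title="{{title}}">Hello, {{user}}</p>"""
    val params = mapOf(
        "title" to "\"quoted\" & <tagged>",
        "user" to "<b>Bob</b> {{title}}",
    )
    println(render(template, params))
}
```

The article notes that backticks are not escaped, so keep macros in element text or inside quoted attribute values, as the sample template does.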
Below is a look at the package. You can escape in various ways.
- Tech Note - Try sanitizing HTML tags with java