public final class EscapeUtil extends Object
Utilities to escaping characters for preventing XSS attack.
This class escapes only & (&), "("), <(<), >(>) and '(') characters. Others characters are left untouched. See rule #1 at XSS_Prevention_Rules.
Use when StringEscapeUtils cannot be used because of escaping more or less character entities.
Modifier and Type | Method and Description |
---|---|
static String |
escapeSql(String str)
Escapes the characters in a
String to be suitable to pass as value to an SQL query. |
static String |
escapeXss(String str) |
static String[] |
escapeXss(String[] str) |
static String |
unescapeSql(String str)
Unescape previously escaped chars.
|
static String |
unescapeXss(String str) |
static String[] |
unescapeXss(String[] str) |
public static String escapeSql(String str)
Escapes the characters in a String
to be suitable to pass as value to an SQL query.
Copyright © 2003–2019 Magnolia International Ltd.. All rights reserved.