This small Java class is a utility class for escaping strings so that they are safe to use in HTML.
There's a single static method, htmlEscape(), which does the job.
I've found that all existing solutions (libraries) I've reviewed suffered from one or several of the below issues:
- They escape too much ... which makes the HTML much harder to read and takes longer.
- They don't tell you in the Javadoc exactly what they replace.
- They do not document when the returned value is safe to use (safe to use for an HTML entity? for an HTML attribute? etc.)
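
To make the three points above concrete, here is an added sketch of an escaper that replaces a small, fixed set of characters and states in its Javadoc both what it replaces and where the result is safe. It is not the code of the class described on this page: the class name `MinimalHtmlEscaper`, the method name `escape`, and the choice of five characters are assumptions made for illustration.

```java
/** Added illustration; hypothetical class, not the utility described on this page. */
public final class MinimalHtmlEscaper {
    private MinimalHtmlEscaper() {}

    /**
     * Replaces exactly these five characters and leaves everything else untouched:
     *   &amp; becomes &amp;amp;    &lt; becomes &amp;lt;    &gt; becomes &amp;gt;
     *   &quot; becomes &amp;quot;   ' becomes &amp;#39;
     *
     * Safe for: element text content, and attribute values that are wrapped
     * in double or single quotes.
     * Not safe for: unquoted attribute values, URL-valued attributes such as
     * href or src (the scheme still has to be validated), event-handler
     * attributes, and the contents of script or style elements.
     *
     * @param input text to escape; null is returned as null
     * @return the escaped text, or the same instance if nothing was replaced
     */
    public static String escape(String input) {
        if (input == null) return null;
        StringBuilder out = null; // allocated only once a replacement is needed
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            String rep;
            switch (c) {
                case '&':  rep = "&amp;";  break;
                case '<':  rep = "&lt;";   break;
                case '>':  rep = "&gt;";   break;
                case '"':  rep = "&quot;"; break;
                case '\'': rep = "&#39;";  break;
                default:   rep = null;
            }
            if (rep != null) {
                if (out == null) {
                    out = new StringBuilder(input.length() + 16);
                    out.append(input, 0, i); // copy the untouched prefix
                }
                out.append(rep);
            } else if (out != null) {
                out.append(c);
            }
        }
        return out == null ? input : out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(escape("<a href=\"x\">Tom & Jerry's</a>"));
        System.out.println(escape("plain text with é and ü stays readable"));
    }
}
```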