[prev in list] [next in list] [prev in thread] [next in thread]
List: jakarta-commons-dev
Subject: [lang] StringEscapeUtils
From: Alex Chaffee / Purple Technology <guru () stinky ! com>
Date: 2003-03-31 4:02:55
[Download RAW message or body]
I've checked in my first pass at StringEscapeUtils. It handles Java,
JavaScript, and HTML entity escaping and unescaping.
There are a few nitpicky issues I'd like some consensus on:
* StringEscapeUtils is a bit much to type for a quick static API call
-- should we rename it EscapeUtils? It's not like there will be any
other type of Escape...
* Java strings can handle raw single-quotes inside strings, but I
don't think JavaScript can (or at least it's dangerous since a
JS string may very well have ' as a string delimiter). So on the
principle that you should escape only what you have to -- why add an
unnecessary backslash? -- I made escapeJava pass single quotes
through. (Unescape still turns \' into ', of course.) This is a
change from the existing StringUtils.escape.
* escapeJava now uses lowercase letters for hex codes. Are there any
feelings about switching to capital letters? I prefer caps (like
\uCAFE instead of \ucafe) but I could go either way.
* I made use of (and thus contributed) my StringPrintWriter class. Do
you think it's useful enough to make it part of the public API (and
add tests and docs for it)?
Todo:
* The HTML escaper builds a static hash table mapping entities to
ints; I still need to make it initialize this lazily so casual users
don't pay an up-front penalty (however slight) for linking to the
library.
* XML escape, SQL escape. They're both easy, at least in the first
pass. But does anyone know how to escape high-bit and control
chars in SQL? (I know that JDBC has its own curly-brace escapes;
that's out of scope for this function.)
* make StringUtils.escape call StringEscapeUtils.escapeJava &c. instead
of reimplementing. I'm happy to leave this one be for a while until
people are comfortable with the StringEscapeUtils.
* add a Writer-based version for HTML escape and unescape
* I think it'll be ready to roll for 2.0, but if we decide to
postpone, I'll have to change the build.xml to exclude it from the
jar.
- Alex
--
Alex Chaffee mailto:alex@jguru.com
Purple Technology - Code and Consulting http://www.purpletech.com/
jGuru - Java News and FAQs http://www.jguru.com/alex/
Gamelan - the Original Java site http://www.gamelan.com/
Stinky - Art and Angst http://www.stinky.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic