[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jakarta-commons-dev
Subject:    [lang] StringEscapeUtils
From:       Alex Chaffee / Purple Technology <guru () stinky ! com>
Date:       2003-03-31 4:02:55
[Download RAW message or body]

I've checked in my first pass at StringEscapeUtils.  It handles Java,
JavaScript, and HTML entity escaping and unescaping. 

There are a few nitpicky issues I'd like some consensus on:

* StringEscapeUtils is a bit much to type for a quick static API call
 -- should we rename it EscapeUtils?  It's not like there will be any
 other type of Escape...

* Java strings can handle raw single-quotes inside strings, but I
 don't think JavaScript can (or at least it's dangerous since a
 JS string may very well have ' as a string delimiter).  So on the
 principle that you should escape only what you have to -- why add an
 unnecessary backslash? -- I made escapeJava pass single quotes
 through.  (Unescape still turns \' into ', of course.)  This is a
 change from the existing StringUtils.escape.

* escapeJava now uses lowercase letters for hex codes.  Are there any
 feelings about switching to capital letters?  I prefer caps (like
 \uCAFE instead of \ucafe) but I could go either way.

* I made use of (and thus contributed) my StringPrintWriter class.  Do
 you think it's useful enough to make it part of the public API (and
 add tests and docs for it)?  



Todo:

* The HTML escaper builds a static hash table mapping entities to
 ints; I still need to make it initialize this lazily so casual users
 don't pay an up-front penalty (however slight) for linking to the
 library.

* XML escape, SQL escape. They're both easy, at least in the first
 pass.  But does anyone know how to escape high-bit and control
 chars in SQL?  (I know that JDBC has its own curly-brace escapes;
 that's out of scope for this function.)

* make StringUtils.escape call StringEscapeUtils.escapeJava &c. instead
 of reimplementing.  I'm happy to leave this one be for a while until 
 people are comfortable with the StringEscapeUtils.

* add a Writer-based version for HTML escape and unescape

* I think it'll be ready to roll for 2.0, but if we decide to
 postpone, I'll have to change the build.xml to exclude it from the
 jar.


 - Alex


-- 
Alex Chaffee                               mailto:alex@jguru.com
Purple Technology - Code and Consulting    http://www.purpletech.com/
jGuru - Java News and FAQs                 http://www.jguru.com/alex/
Gamelan - the Original Java site           http://www.gamelan.com/
Stinky - Art and Angst                     http://www.stinky.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]