类 EscapeTool
Example uses: $velocity -> Please escape $ and #! $esc.velocity($velocity) -> Please escape ${esc.d} and ${esc.h}! $java -> He didn't say, "Stop!" $esc.java($java) -> He didn't say, \"Stop!\" $javascript -> He didn't say, "Stop!" $esc.javascript($javascript) -> He didn\'t say, \"Stop!\" $html -> "bread" & "butter" $esc.html($html) -> "bread" & "butter" $xml -> "bread" & "butter" $esc.xml($xml) -> "bread" & "butter" $sql -> McHale's Navy $esc.sql($sql) -> McHale''s Navy $url -> hello here & there $esc.url -> hello+here+%26+there $esc.dollar -> $ $esc.d -> $ $esc.hash -> # $esc.h -> # $esc.backslash -> \ $esc.b -> \ $esc.quote -> " $esc.q -> " $esc.singleQuote -> ' $esc.s -> ' $esc.newline -> $esc.n -> $esc.exclamation -> ! $esc.e -> ! Example tools.xml config (if you want to use this with VelocityView): <tools> <toolbox scope="application"> <tool class="org.apache.velocity.tools.generic.EscapeTool"/> </toolbox> </tools>
This tool is entirely threadsafe, and has no instance members. It may be used in any scope (request, session, or application).
- 从以下版本开始:
- VelocityTools 1.2
- 版本:
- $Id: $
- 作者:
- Shinobu Kawai
- 另请参阅:
-
StringEscapeUtils
-
字段概要
字段从类继承的字段 org.apache.velocity.tools.generic.SafeConfig
LOCK_CONFIG_KEY, OLD_LOCK_CONFIG_KEY, SAFE_MODE_KEY
-
构造器概要
构造器 -
方法概要
修饰符和类型方法说明protected void
configure
(ValueParser values) Does the actual configuration.protected String
dumpString
(String string, boolean key) This code was pulled from the Apache Harmony project.getB()
Renders a backslash (\).Renders a backslash (\).getD()
Renders a dollar sign ($).Renders a dollar sign ($).getE()
Renders an exclamation mark (!).Renders an exclamation mark (!).getH()
Renders a hash (#).getHash()
Renders a hash (#).getKey()
Should return the key under which this tool has been configured.getN()
Renders a new line character appropriate for the operating system ("\n" in java).Renders a new line character appropriate for the operating system ("\n" in java).getQ()
Renders a double quotation mark (").getQuote()
Renders a double quotation mark (").getS()
Renders a single quotation mark (').Renders a single quotation mark (').Escapes the characters in aString
using HTML entities.Escapes the characters in aString
using Java String rules.javascript
(Object string) Escapes the characters in aString
using JavaScript String rules.propertyKey
(Object string) Escapes the characters in aString
using java.util.Properties rules for escaping property keys.propertyValue
(Object string) Escapes the characters in aString
using java.util.Properties rules for escaping property values.protected void
Sets the key under which this tool has been configured.Escapes the characters in aString
to be suitable to pass to an SQL query.Converts the specified Unicode code point and/or escape sequence into the associated Unicode character.Escape the characters in aString
to be suitable to use as an HTTP parameter value.Escapes the characters in aString
using "poor man's escaping" for Velocity templates by replacing all '$' characters with '${esc.d}' and all '#' characters with '${esc.h}'.Escapes the characters in aString
using XML entities.从类继承的方法 org.apache.velocity.tools.generic.SafeConfig
configure, isConfigLocked, isSafeMode, setLockConfig, setSafeMode
-
字段详细资料
-
DEFAULT_KEY
- 另请参阅:
-
key
-
-
构造器详细资料
-
EscapeTool
public EscapeTool()
-
-
方法详细资料
-
configure
Does the actual configuration. This is protected, so subclasses may share the same ValueParser and call configure at any time, while preventing templates from doing so when configure(Map) is locked.- 覆盖:
configure
在类中SafeConfig
-
setKey
Sets the key under which this tool has been configured. -
getKey
Should return the key under which this tool has been configured. The default is 'esc'. -
velocity
Escapes the characters in a
String
using "poor man's escaping" for Velocity templates by replacing all '$' characters with '${esc.d}' and all '#' characters with '${esc.h}'. This form of escaping is far more reliable and consistent than using '\' to escape valid references, directives and macros, though it does require that you have the EscapeTool available in the context when you later go to process the result returned by this method.NOTE: This will only work so long as the EscapeTool is placed in the context using its default key 'esc' or you are using VelocityTools 2.0+ and have put this tool in one of your toolboxes under an alternate key (in which case the EscapeTool will automatically be told what its new key is). If for some strange reason you wish to use an alternate key and are not using the tool management facilities of VelocityTools 2.0+, you must subclass this tool and manually call setKey(String) before using this method.
- 参数:
obj
- the string value that needs escaping- 返回:
- String with escaped values,
null
if null string input
-
java
Escapes the characters in aString
using Java String rules.
Delegates the process toStringEscapeUtils#escapeJava(String)
.- 参数:
string
- the string to escape values, may be null- 返回:
- String with escaped values,
null
if null string input - 另请参阅:
-
StringEscapeUtils#escapeJava(String)
-
propertyKey
Escapes the characters in aString
using java.util.Properties rules for escaping property keys.- 参数:
string
- the string to escape values, may be null- 返回:
- String with escaped values,
null
if null string input - 另请参阅:
-
propertyValue
Escapes the characters in aString
using java.util.Properties rules for escaping property values.- 参数:
string
- the string to escape values, may be null- 返回:
- String with escaped values,
null
if null string input - 另请参阅:
-
dumpString
This code was pulled from the Apache Harmony project. See https://svn.apache.org/repos/asf/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/util/Properties.java -
javascript
Escapes the characters in aString
using JavaScript String rules.
Delegates the process toStringEscapeUtils#escapeJavaScript(String)
.- 参数:
string
- the string to escape values, may be null- 返回:
- String with escaped values,
null
if null string input - 另请参阅:
-
StringEscapeUtils#escapeJavaScript(String)
-
html
Escapes the characters in aString
using HTML entities.
Delegates the process toStringEscapeUtils#escapeHtml(String)
.- 参数:
string
- the string to escape, may be null- 返回:
- a new escaped
String
,null
if null string input - 另请参阅:
-
StringEscapeUtils#escapeHtml(String)
-
url
Escape the characters in aString
to be suitable to use as an HTTP parameter value.
Uses UTF-8 as default character encoding.- 参数:
string
- the string to escape, may be null- 返回:
- a new escaped
String
,null
if null string input See java.net.URLEncoder#encode(String,String). - 从以下版本开始:
- VelocityTools 1.3
-
xml
Escapes the characters in aString
using XML entities.
Delegates the process toStringEscapeUtils#escapeXml(String)
.- 参数:
string
- the string to escape, may be null- 返回:
- a new escaped
String
,null
if null string input - 另请参阅:
-
StringEscapeUtils#escapeXml(String)
-
sql
Escapes the characters in aString
to be suitable to pass to an SQL query.
Delegates the process toStringEscapeUtils#escapeSql(String)
.- 参数:
string
- the string to escape, may be null- 返回:
- a new String, escaped for SQL,
null
if null string input - 另请参阅:
-
StringEscapeUtils#escapeSql(String)
-
unicode
Converts the specified Unicode code point and/or escape sequence into the associated Unicode character. This allows numeric code points or String versions of the numeric code point to be correctly translated within a template. This is especially useful for those creating unicode from a reference value, or injecting a unicode character into a template with a version of Velocity prior to 1.6.- 参数:
code
- the code to be translated/escaped, may be null- 返回:
- the unicode character for that code,
null
if input was null - 另请参阅:
-
getDollar
Renders a dollar sign ($).- 返回:
- a dollar sign ($).
- 另请参阅:
-
getD
Renders a dollar sign ($).- 返回:
- a dollar sign ($).
- 另请参阅:
-
getHash
Renders a hash (#).- 返回:
- a hash (#).
- 另请参阅:
-
getH
Renders a hash (#).- 返回:
- a hash (#).
- 另请参阅:
-
getBackslash
Renders a backslash (\).- 返回:
- a backslash (\).
- 另请参阅:
-
getB
Renders a backslash (\).- 返回:
- a backslash (\).
- 另请参阅:
-
getQuote
Renders a double quotation mark (").- 返回:
- a double quotation mark (").
- 另请参阅:
-
getQ
Renders a double quotation mark (").- 返回:
- a double quotation mark (").
- 另请参阅:
-
getSingleQuote
Renders a single quotation mark (').- 返回:
- a single quotation mark (').
- 另请参阅:
-
getS
Renders a single quotation mark (').- 返回:
- a single quotation mark (').
- 另请参阅:
-
getNewline
Renders a new line character appropriate for the operating system ("\n" in java).- 另请参阅:
-
getN
Renders a new line character appropriate for the operating system ("\n" in java).- 另请参阅:
-
getExclamation
Renders an exclamation mark (!).- 返回:
- an exclamation mark (!).
- 另请参阅:
-
getE
Renders an exclamation mark (!).- 返回:
- an exclamation mark (!).
- 另请参阅:
-