Depends on the goal.
An absolutely precise decision may be rather complex.
But a simpler decision that guarantees never to say yes to something that
has any active HTML is much easier. I think that absence of <'s and only
clearly valid entity references makes that true. It may be that there are
subtle cases of safely escaped HTML that fall outside this filter. Whether
that is a problem for you depends on your application.
On Tue, Sep 2, 2008 at 6:32 PM, F. Andy Seidl
<[EMAIL PROTECTED]>wrote:
> >> Isn't this a pretty simple regex? Just look for <'s and &'s without
> entity syntax <<
>
> I suspect that creating a really robust test would involve dealing with a
> number of gotchas. For example, is this string escaped?
>
> StringEscapeUtils.isHtmlEscaped ("Use this HTML:
> '<b>text</b>'")
>
> -- fas
>
> F. Andy Seidl
> MyST Technology Partners, Inc.
>
> -----Original Message-----
> From: Ted Dunning [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 02, 2008 2:48 PM
> To: Commons Users List
> Subject: Re: isEscaped
>
> Isn't this a pretty simple regex? Just look for <'s and &'s without entity
> syntax.
>
> On Tue, Sep 2, 2008 at 11:28 AM, Gabriel Reis <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > Is there any tool to verify if a String is escaped? Something like this:
> >
> > assertFalse( StringEscapeUtils.isHtmlEscaped("<b>text</b>") );
> >
> > assertTrue( StringEscapeUtils.isHtmlEscaped("<b>text</b>") );
> >
> >
> > []s
> > Gabriel
> >
>
>
>
> --
> ted
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
ted
