Re: isEscaped

Garrett Smith Tue, 02 Sep 2008 19:40:08 -0700

On Tue, Sep 2, 2008 at 7:00 PM, Ted Dunning <[EMAIL PROTECTED]> wrote:
> Depends on the goal.
>
> An absolutely precise decision may be rather complex.
>
>
> But a simpler decision that guarantees never to say yes to something that
> has any active HTML is much easier.  I think that absence of <'s and only
> clearly valid entity references makes that true.  It may be that there are
> subtle cases of safely escaped HTML that fall outside this filter.  Whether
> that is a problem for you depends on your application.
>


this & that ?

There are many entities. HTML Entities, XML Entities.

isEscaped would have to account for a negation of all of unescaped entities.

not: < | ' | " | & | \u00a0 should suffice reasonably well. The last
one is nbsp or #160/

Garrett

> On Tue, Sep 2, 2008 at 6:32 PM, F. Andy Seidl
> <[EMAIL PROTECTED]>wrote:
>
>> >> Isn't this a pretty simple regex?  Just look for <'s and &'s without
>> entity syntax <<
>>
>> I suspect that creating a really robust test would involve dealing with a
>> number of gotchas.  For example, is this string escaped?
>>
>> StringEscapeUtils.isHtmlEscaped ("Use this HTML:
>> '&lt;b&gt;text&lt;/b&gt;'")
>>
>> -- fas
>>
>> F. Andy Seidl
>> MyST Technology Partners, Inc.
>>
>> -----Original Message-----
>> From: Ted Dunning [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, September 02, 2008 2:48 PM
>> To: Commons Users List
>> Subject: Re: isEscaped
>>
>> Isn't this a pretty simple regex?  Just look for <'s and &'s without entity
>> syntax.
>>
>> On Tue, Sep 2, 2008 at 11:28 AM, Gabriel Reis <[EMAIL PROTECTED]> wrote:
>>
>> > Hi,
>> >
>> > Is there any tool to verify if a String is escaped? Something like this:
>> >
>> > assertFalse( StringEscapeUtils.isHtmlEscaped("<b>text</b>") );
>> >
>> > assertTrue( StringEscapeUtils.isHtmlEscaped("&lt;b&gt;text&lt;/b&gt;") );
>> >
>> >
>> > []s
>> > Gabriel
>> >
>>
>>
>>
>> --
>> ted
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
> --
> ted
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: isEscaped

Reply via email to