On Wed, Sep 3, 2008 at 7:56 AM, Niall Pemberton
<[EMAIL PROTECTED]> wrote:
> On Tue, Sep 2, 2008 at 7:28 PM, Gabriel Reis <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> Is there any tool to verify if a String is escaped? Something like this:
>>
"Escaped HTML" would be HTML that contains no unescaped HTML entities.
>> assertFalse( StringEscapeUtils.isHtmlEscaped("<b>text</b>") );
>>
This example:
>> assertTrue( StringEscapeUtils.isHtmlEscaped("&lt;b&gt;text&lt;/b&gt;") );
>
- is flawed.
The flaw is searching for unescaped entities, not searching for no
unescaped entities.
It is a very basic logical fallacy called "Affirming the Consequent".
Example:
1. Escaped HTML contains escaped HTML Entities.
2. String S contains escaped HTML entities.
3. Therefore, String S is Escaped HTML.
We can also see that there is another fallacy here: A generalization
fallacy in (1). Escaped HTML contains escaped HTML Entities is not a
universal truth. If we change (1) to:-
"Escaped HTML usually contains HTML Entities"
- then we can easily see that (3) would not be implied unless we changed to:-
1. Escaped HTML *usually* contains escaped HTML Entities.
2. String S contains escaped HTML entities.
3. Therefore, String S is *probably* Escaped HTML.
But then we still have the "Affirming the Consequent" error, because
it could be statistically possible that the application we are testing
deals with a lot of HTML code examples like:-
To make text bold, use the <b> tag.
> Perhaps one way to do this is to use the StringEscapeUtils's
> unescapeHtml() method and compare if the result equals the original.
>
> something like...
>
> if (value.equals(StringEscapeUtils.unescapeHtml(value))) {
> ...
> }
>
Method unescapeHtml converts escaped entities to the unescaped character.
That would not work.
Because:-
boolean isEscaped;
String value = "Use this HTML: '&lt;b&gt;text&lt;/b&gt;'";
isEscaped = value.equals(StringEscapeUtils.unescapeHtml(value));
isEscaped would be false.
So, I think that Tim is probably getting at the problem better by
asking: "What is the end goal?".
And the OP has been silent.
Garrett
> http://commons.apache.org/lang/api-release/org/apache/commons/lang/StringEscapeUtils.html#unescapeHtml(java.lang.String)
>
> Niall
>
>> []s
>> Gabriel
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
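The round-trip check discussed in this thread, run over a few inputs, as an added example that is not code from any of the posters or from Commons Lang itself. It assumes Commons Lang 2.x on the classpath; the class name, the helper looksEscaped and the sample strings are constructed for illustration.

```java
import org.apache.commons.lang.StringEscapeUtils;

public class EscapedCheckDemo {

    // Hypothetical helper: the heuristic proposed in the thread.
    // A string "looks escaped" when unescaping it changes it.
    static boolean looksEscaped(String value) {
        return !value.equals(StringEscapeUtils.unescapeHtml(value));
    }

    public static void main(String[] args) {
        // Constructed raw inputs, i.e. text exactly as a user typed it,
        // before any escaping has been applied.
        String[] rawInputs = {
            // No special characters: raw and escaped forms are identical.
            "hello world",
            // Markup characters only.
            "<b>text</b>",
            // Raw text that legitimately contains entity syntax.
            "To make text bold, use the &lt;b&gt; tag.",
            // Mixed: one entity next to unescaped markup.
            "AT&amp;T <b>bold</b>"
        };

        for (String raw : rawInputs) {
            // What correct output encoding produces for this raw input.
            String escaped = StringEscapeUtils.escapeHtml(raw);

            System.out.println("raw:     " + raw);
            System.out.println("escaped: " + escaped);
            // Ground truth is known here because we did the escaping ourselves;
            // the heuristic only ever sees the string.
            System.out.println("  heuristic on raw     (truth: not escaped): "
                    + looksEscaped(raw));
            System.out.println("  heuristic on escaped (truth: escaped):     "
                    + looksEscaped(escaped));
            System.out.println();
        }
    }
}
```

Any input where the heuristic's answer disagrees with the labelled truth is a case where code that uses it to decide whether to call escapeHtml would either double-escape or skip escaping raw text.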