Escaping special characters in front-end input on the Java back end

Source: Internet
Author: User

HTML:

There are two common helper classes: Spring's HtmlUtils and Apache Commons Lang's StringEscapeUtils.

```java
public static void testHtml() {
    String str = "<a href='http://www.qq.com'>QQ</a><script>";
    /**
     * Escaping with Spring's HtmlUtils
     */
    // &lt;a href=&#39;http://www.qq.com&#39;&gt;QQ&lt;/a&gt;&lt;script&gt;
    System.out.println(org.springframework.web.util.HtmlUtils.htmlEscape(str));
    // &#60;a href=&#39;http://www.qq.com&#39;&#62;QQ&#60;/a&#62;&#60;script&#62;
    System.out.println(org.springframework.web.util.HtmlUtils.htmlEscapeDecimal(str));
    // &#x3c;a href=&#x27;http://www.qq.com&#x27;&#x3e;QQ&#x3c;/a&#x3e;&#x3c;script&#x3e;
    System.out.println(org.springframework.web.util.HtmlUtils.htmlEscapeHex(str));

    /**
     * Unescaping with Spring's HtmlUtils
     */
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.springframework.web.util.HtmlUtils.htmlUnescape("&lt;a href=&#39;http://www.qq.com&#39;&gt;QQ&lt;/a&gt;&lt;script&gt;"));
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.springframework.web.util.HtmlUtils.htmlUnescape("&#60;a href=&#39;http://www.qq.com&#39;&#62;QQ&#60;/a&#62;&#60;script&#62;"));
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.springframework.web.util.HtmlUtils.htmlUnescape("&#x3c;a href=&#x27;http://www.qq.com&#x27;&#x3e;QQ&#x3c;/a&#x3e;&#x3c;script&#x3e;"));

    /**
     * Escaping with Apache's StringEscapeUtils
     */
    // &lt;a href='http://www.qq.com'&gt;QQ&lt;/a&gt;&lt;script&gt;
    System.out.println(org.apache.commons.lang.StringEscapeUtils.escapeHtml(str));

    /**
     * Unescaping with Apache's StringEscapeUtils
     */
    // <a href='http://www.qq.com'>QQ</a><script>
    System.out.println(org.apache.commons.lang.StringEscapeUtils.unescapeHtml("&lt;a href='http://www.qq.com'&gt;QQ&lt;/a&gt;&lt;script&gt;"));
}
```

JavaScript:

There are two common helper classes: Spring's JavaScriptUtils and Apache Commons Lang's StringEscapeUtils.

```java
public static void testJavascript() {
    String js = "<script type='text/javascript'>var a=10;alert(a);</script>";
    /**
     * Escaping with Spring's JavaScriptUtils; no unescape method is provided
     */
    // \u003cscript type=\'text\/javascript\'\u003evar a=10;alert(a);\u003c\/script\u003e
    System.out.println(org.springframework.web.util.JavaScriptUtils.javaScriptEscape(js));

    /**
     * Escaping with Apache's StringEscapeUtils
     */
    // <script type=\'text\/javascript\'>var a=10;alert(a);<\/script>
    System.out.println(org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(js));
    /**
     * Unescaping with Apache's StringEscapeUtils
     */
    // <script type='text/javascript'>var a=10;alert(a);</script>
    System.out.println(org.apache.commons.lang.StringEscapeUtils.unescapeJavaScript(org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(js)));
}
```

SQL:

Use StringEscapeUtils from Apache Commons Lang.

```java
/**
 * Escaping with Apache's StringEscapeUtils
 */
String sql = "select * from table where username='" + org.apache.commons.lang.StringEscapeUtils.escapeSql("admin' or '1=1") + "' and password='admin'";
// select * from table where username='admin'' or ''1=1' and password='admin'
System.out.println(sql);
```
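The snippet above relies on escapeSql, which in Commons Lang 2.x only doubles single quotes and was dropped in Commons Lang 3. The following added example (not from the original page) re-implements that one transformation with the JDK alone to show where it stops protecting a concatenated query, next to the PreparedStatement form; the users table, its columns and all method names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class SqlEscapeVsBind {

    // Stand-in for commons-lang 2.x escapeSql (assumption: same behaviour,
    // i.e. every single quote is doubled and nothing else is changed).
    static String escapeSql(String s) {
        return s == null ? null : s.replace("'", "''");
    }

    // Escape-and-concatenate, the pattern used on this page, extended with a
    // numeric column that is placed in the SQL text without quotes.
    static String concatQuery(String username, String id) {
        return "select * from users where username='" + escapeSql(username)
                + "' and id=" + escapeSql(id);
    }

    // Parameterized form: the SQL text is fixed and the values are bound
    // separately, so they are never parsed as SQL in any context.
    static boolean userExists(Connection conn, String username, long id)
            throws SQLException {
        String sql = "select 1 from users where username = ? and id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setLong(2, id); // typed binding rejects non-numeric input up front
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Quoted context (the input string from this page): each quote is
        // doubled, so the whole value stays inside the string literal.
        System.out.println(concatQuery("admin' or '1=1", "7"));

        // Unquoted numeric context (constructed input): there is no quote to
        // double, so the value passes through unchanged into the WHERE clause.
        System.out.println(concatQuery("admin", "7 or 1=1"));
    }
}
```

userExists is not called from main because it needs a live JDBC connection; in application code it replaces the concatenated query entirely rather than being layered on top of escaping.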
