Spring not only provides a full-featured application development framework but also ships a number of utility classes that you can use directly in your own code, in Spring applications and in other applications alike; most of them can be used independently of the Spring framework. Knowing which handy utility classes Spring offers and using them appropriately will improve development efficiency and code quality.
In this two-part article, we pick out the handiest of Spring's many utility classes. Part 1 describes the utility classes related to file resource operations and the Web. Part 2 introduces the utility classes for special character escaping and method argument checking.
Special character escape
Because Web applications involve several languages, each with its own special characters, a problem we often encounter when dynamically constructing content in a scripting or markup language is the escaping of special characters. The special characters that Web developers most often need to escape are:
HTML special characters;
JavaScript special characters;
SQL special characters;
If you do not escape these special characters, you may not only break the document structure but also introduce potential security issues. Spring provides utility classes for escaping HTML and JavaScript special characters: HtmlUtils and JavaScriptUtils, respectively.
HTML special character escape
The <, > and & characters have special meanings in HTML; they are reserved in the HTML language and therefore cannot be used directly. To output these characters, use their escape sequences:
&: &amp;
": &quot;
<: &lt;
>: &gt;
Because an HTML page is itself a structured text document, writing data that contains HTML special characters directly to the page is highly likely to corrupt the entire HTML document. Dynamic data therefore generally needs to be escaped, with escape sequences standing in for the HTML special characters. The following JSP page dynamically outputs some variables to an HTML Web page:
Listing 1. Web page with no HTML special character escaping
Listing 1. No HTML special character escape processing Web page
<%@ page language="java" contentType="text/html; charset=utf-8"%>
<%!
String userName = "</td><tr></table>";
String address = " \" type=\"button";
%>
<table border="1">
<tr>
<td>姓名:</td><td><%=userName%></td> ①
</tr>
<tr>
<td>年龄:</td><td>28</td>
</tr>
</table>
<input value="<%=address%>" type="text" /> ②
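Added example, not part of the original article: the two values from Listing 1 rendered into the same fragment with and without Spring's HtmlUtils.htmlEscape, counting structural tokens to show which ones came from the data rather than the template. It assumes spring-web is on the classpath; the class name Listing1Escaped and the helpers render and count are made up for this illustration.

```java
import org.springframework.web.util.HtmlUtils;

public class Listing1Escaped {

    // Same values as the declarations in Listing 1.
    static final String USER_NAME = "</td><tr></table>";
    static final String ADDRESS = " \" type=\"button";

    // Renders the Listing 1 fragment; 'escape' toggles HtmlUtils.htmlEscape
    // on the two dynamic values (hypothetical helper for this example).
    static String render(String userName, String address, boolean escape) {
        String name = escape ? HtmlUtils.htmlEscape(userName) : userName;
        String addr = escape ? HtmlUtils.htmlEscape(address) : address;
        return "<table border=\"1\">\n"
             + "<tr><td>Name:</td><td>" + name + "</td></tr>\n"
             + "</table>\n"
             + "<input value=\"" + addr + "\" type=\"text\" />";
    }

    // Counts occurrences of a literal token in the rendered markup.
    static int count(String html, String token) {
        int n = 0;
        for (int i = html.indexOf(token); i >= 0; i = html.indexOf(token, i + 1)) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) {
        String raw = render(USER_NAME, ADDRESS, false);
        String safe = render(USER_NAME, ADDRESS, true);

        System.out.println("--- unescaped ---\n" + raw);
        System.out.println("--- escaped ---\n" + safe);

        // The template contains exactly one </table> and one type=" attribute;
        // any additional occurrence was injected by the data.
        System.out.println("</table> raw/escaped: "
                + count(raw, "</table>") + "/" + count(safe, "</table>"));
        System.out.println("type=\" raw/escaped: "
                + count(raw, "type=\"") + "/" + count(safe, "type=\""));

        // Escaping is reversible, so the stored value does not need to change.
        String roundTrip = HtmlUtils.htmlUnescape(HtmlUtils.htmlEscape(USER_NAME));
        System.out.println("round trip ok: " + USER_NAME.equals(roundTrip));
    }
}
```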