HTML

Functions

  • DecodeForHtml() Decodes the given encoded string.
  • EncodeForHTML() Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
  • EncodeForHTMLAttribute() Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
  • ESAPIEncode() Encodes the given string for safe output to reduce the risk of Cross Site Scripting attacks.
  • HTMLCodeFormat() Replaces special characters in a string with their HTML-escaped equivalents and inserts <pre> and </pre> tags at the beginning and end of the string. [version] HTML version to use; currently ignored. -1: the latest implementation of HTML; 2.0: HTML 2.0 (default); 3.2: HTML 3.2
  • HTMLEditFormat() Replaces special characters in a string with their HTML-escaped equivalents. [version] HTML version to use; currently ignored. -1: the latest implementation of HTML; 2.0: HTML 2.0 (default); 3.2: HTML 3.2; 4.0: HTML 4.0
  • HtmlParse() Parses the given HTML (not only XHTML) as an XML object. Works similarly to xmlParse, but is very forgiving with the syntax.
  • ParagraphFormat() Converts the carriage returns in a string to their HTML alternatives.
  • SanitizeHtml() Sanitizes unsafe HTML input and removes elements and attributes like JavaScript, onclick, etc. See also https://github.com/OWASP/java-html-sanitizer

Methods