Package ru.testit.services
Class HtmlEscapeUtils
java.lang.Object
ru.testit.services.HtmlEscapeUtils
-
Method Summary
Modifier and TypeMethodDescriptionstatic <T> TescapeHtmlInObject(T obj) Escapes HTML tags in all String fields of an object using reflection Also processes List fields: if List of objects - calls escapeHtmlInObjectList, Can be disabled by setting NO_ESCAPE_HTML environment variable to "true" if List of Strings - escapes each stringstatic <T> List<T>escapeHtmlInObjectList(List<T> list) Escapes HTML tags in all String fields of objects in a list using reflection.static StringescapeHtmlTags(String text) Escapes HTML tags to prevent XSS attacks.
-
Method Details
-
escapeHtmlTags
Escapes HTML tags to prevent XSS attacks. First checks if the string contains HTML tags using regex pattern. Only performs escaping if HTML tags are detected. Escapes all < as \< and > as \> only if they are not already escaped. Uses regex with negative lookbehind to avoid double escaping.- Parameters:
text- The text to escape- Returns:
- Escaped text or original text if no HTML tags found
-
escapeHtmlInObject
public static <T> T escapeHtmlInObject(T obj) Escapes HTML tags in all String fields of an object using reflection Also processes List fields: if List of objects - calls escapeHtmlInObjectList, Can be disabled by setting NO_ESCAPE_HTML environment variable to "true" if List of Strings - escapes each string- Parameters:
obj- The object to process- Returns:
- The processed object with escaped strings
-
escapeHtmlInObjectList
Escapes HTML tags in all String fields of objects in a list using reflection. Can be disabled by setting NO_ESCAPE_HTML environment variable to "true".- Parameters:
list- The list of objects to process- Returns:
- The processed list with escaped strings in all objects, or null if input is null
-