程序包 org.apache.velocity.tools.generic

类 EscapeTool

java.lang.Object
org.apache.velocity.tools.generic.SafeConfig
org.apache.velocity.tools.generic.EscapeTool
所有已实现的接口:
Serializable
@DefaultKey("esc") @ValidScope("application") public class EscapeTool extends SafeConfig implements Serializable
Tool for working with escaping in Velocity templates. It provides methods to escape outputs for Velocity, Java, JavaScript, HTML, HTTP, XML and SQL. Also provides methods to render VTL characters that otherwise needs escaping.

Example uses:

  $velocity                    -> Please escape $ and #!
  $esc.velocity($velocity)     -> Please escape ${esc.d} and ${esc.h}!

  $java                        -> He didn't say, "Stop!"
  $esc.java($java)             -> He didn't say, \"Stop!\"

  $javascript                  -> He didn't say, "Stop!"
  $esc.javascript($javascript) -> He didn\'t say, \"Stop!\"

  $html                        -> "bread" & "butter"
  $esc.html($html)             -> "bread" & "butter"

  $xml                         -> "bread" & "butter"
  $esc.xml($xml)               -> "bread" & "butter"

  $sql                         -> McHale's Navy
  $esc.sql($sql)               -> McHale''s Navy

  $url                         -> hello here & there
  $esc.url($url)               -> hello+here+%26+there
  $esc.unurl($esc.url($url))   -> hello here & there

  $esc.dollar                  -> $
  $esc.d                       -> $

  $esc.hash                    -> #
  $esc.h                       -> #

  $esc.backslash               -> \
  $esc.b                       -> \

  $esc.quote                   -> "
  $esc.q                       -> "

  $esc.singleQuote             -> '
  $esc.s                       -> '

  $esc.newline                 ->

  $esc.n                       ->


  $esc.exclamation             -> !
  $esc.e                       -> !

Example tools.xml config (if you want to use this with VelocityView):

 <tools>
   <toolbox scope="application">
     <tool class="org.apache.velocity.tools.generic.EscapeTool"/>
   </toolbox>
 </tools>

This tool is entirely threadsafe, and has no instance members. It may be used in any scope (request, session, or application).

从以下版本开始:
VelocityTools 1.2
版本:
$Id: $
作者:
Shinobu Kawai
另请参阅:

  • 字段详细资料

  • 构造器详细资料

    • EscapeTool

      public EscapeTool()

  • 方法详细资料

    • configure

      protected void configure(ValueParser values)
      Does the actual configuration. This is protected, so subclasses may share the same ValueParser and call configure at any time, while preventing templates from doing so when configure(Map) is locked.
      覆盖:
      configure 在类中 SafeConfig
      参数:
      values - configuration values

    • setKey

      protected void setKey(String key)
      Sets the key under which this tool has been configured.
      参数:
      key - tool key
      另请参阅:

    • getKey

      public String getKey()
      Should return the key under which this tool has been configured. The default is 'esc'.
      返回:
      tool key
      另请参阅:

    • velocity

      public String velocity(Object obj)

      Escapes the characters in a String using "poor man's escaping" for Velocity templates by replacing all '$' characters with '${esc.d}' and all '#' characters with '${esc.h}'. This form of escaping is far more reliable and consistent than using '\' to escape valid references, directives and macros, though it does require that you have the EscapeTool available in the context when you later go to process the result returned by this method.

      NOTE: This will only work so long as the EscapeTool is placed in the context using its default key 'esc' or you are using VelocityTools 2.0+ and have put this tool in one of your toolboxes under an alternate key (in which case the EscapeTool will automatically be told what its new key is). If for some strange reason you wish to use an alternate key and are not using the tool management facilities of VelocityTools 2.0+, you must subclass this tool and manually call setKey(String) before using this method.

      参数:
      obj - the string value that needs escaping
      返回:
      String with escaped values, null if null string input

    • java

      public String java(Object string)

      Escapes the characters in a String using Java String rules.

      Delegates the process to StringEscapeUtils.escapeJava(String).

      参数:
      string - the string to escape values, may be null
      返回:
      String with escaped values, null if null string input
      另请参阅:
      • StringEscapeUtils.escapeJava(String)

    • propertyKey

      public String propertyKey(Object string)
      Escapes the characters in a String using java.util.Properties rules for escaping property keys.
      参数:
      string - the string to escape values, may be null
      返回:
      String with escaped values, null if null string input
      另请参阅:

    • propertyValue

      public String propertyValue(Object string)
      Escapes the characters in a String using java.util.Properties rules for escaping property values.
      参数:
      string - the string to escape values, may be null
      返回:
      String with escaped values, null if null string input
      另请参阅:

    • dumpString

      protected String dumpString(String string, boolean key)
      This code was pulled from the Apache Harmony project. See https://svn.apache.org/repos/asf/harmony/enhanced/classlib/trunk/modules/luni/src/main/java/java/util/Properties.java
      参数:
      string - property key or property value
      key - true for a property key
      返回:
      escaped string

    • javascript

      public String javascript(Object string)

      Escapes the characters in a String using JavaScript String rules.

      Delegates the process to StringEscapeUtils.escapeEcmaScript(String).

      参数:
      string - the string to escape values, may be null
      返回:
      String with escaped values, null if null string input
      另请参阅:
      • StringEscapeUtils.escapeEcmaScript(String)

    • html

      public String html(Object string)

      Escapes the characters in a String using HTML entities.

      Delegates the process to StringEscapeUtils.escapeHtml4(String).

      参数:
      string - the string to escape, may be null
      返回:
      a new escaped String, null if null string input
      另请参阅:
      • StringEscapeUtils.escapeHtml4(String)

    • url

      public String url(Object string)

      Escape the characters in a String to be suitable to use as an HTTP parameter value.

      Uses UTF-8 as default character encoding.

      参数:
      string - the string to escape, may be null
      返回:
      a new escaped String, null if null string input See java.net.URLEncoder#encode(String,String)
      从以下版本开始:
      VelocityTools 1.3

    • unurl

      public String unurl(Object string)

      Unscape the characters in a String encoded as an HTTP parameter value.

      Uses UTF-8 as default character encoding.

      参数:
      string - the string to unescape, may be null
      返回:
      a new unescaped String, null if null string input
      从以下版本开始:
      VelocityTools 3.0
      另请参阅:

    • xml

      public String xml(Object string)

      Escapes the characters in a String using XML entities.

      Delegates the process to StringEscapeUtils.escapeXml(java.lang.String).

      参数:
      string - the string to escape, may be null
      返回:
      a new escaped String, null if null string input
      另请参阅:
      • StringEscapeUtils.escapeXml(String)

    • sql

      public String sql(Object string)

      Escapes the characters in a String to be suitable to pass to an SQL query.

      It boils down to doubling single quotes.

      参数:
      string - the string to escape, may be null
      返回:
      a new String, escaped for SQL, null if null string input

    • unicode

      public String unicode(Object code)

      Converts the specified Unicode code point and/or escape sequence into the associated Unicode character. This allows numeric code points or String versions of the numeric code point to be correctly translated within a template. This is especially useful for those creating unicode from a reference value, or injecting a unicode character into a template with a version of Velocity prior to 1.6.

      参数:
      code - the code to be translated/escaped, may be null
      返回:
      the unicode character for that code, null if input was null
      另请参阅:

    • getDollar

      public String getDollar()
      Renders a dollar sign ($).
      返回:
      a dollar sign ($).
      另请参阅:

    • getD

      public String getD()
      Renders a dollar sign ($).
      返回:
      a dollar sign ($).
      另请参阅:

    • getHash

      public String getHash()
      Renders a hash (#).
      返回:
      a hash (#).
      另请参阅:

    • getH

      public String getH()
      Renders a hash (#).
      返回:
      a hash (#).
      另请参阅:

    • getBackslash

      public String getBackslash()
      Renders a backslash (\).
      返回:
      a backslash (\).
      另请参阅:

    • getB

      public String getB()
      Renders a backslash (\).
      返回:
      a backslash (\).
      另请参阅:

    • getQuote

      public String getQuote()
      Renders a double quotation mark (").
      返回:
      a double quotation mark (").
      另请参阅:

    • getQ

      public String getQ()
      Renders a double quotation mark (").
      返回:
      a double quotation mark (").
      另请参阅:

    • getSingleQuote

      public String getSingleQuote()
      Renders a single quotation mark (').
      返回:
      a single quotation mark (').
      另请参阅:

    • getS

      public String getS()
      Renders a single quotation mark (').
      返回:
      a single quotation mark (').
      另请参阅:

    • getNewline

      public String getNewline()
      Renders a new line character appropriate for the operating system ("\n" in java).
      返回:
      system newline string
      另请参阅:

    • getN

      public String getN()
      Renders a new line character appropriate for the operating system ("\n" in java).
      返回:
      system newline string
      另请参阅:

    • getExclamation

      public String getExclamation()
      Renders an exclamation mark (!).
      返回:
      an exclamation mark (!).
      另请参阅:

    • getE

      public String getE()
      Renders an exclamation mark (!).
      返回:
      an exclamation mark (!).
      另请参阅: