Escaping text can be rather complicated.
Some things to think about (not exhaustive):
* Escaping HTML/XHTML/XML?
* Do you want/need an HTML parser?
* Do you escape it all/some (e.g. allow "<br>" but not the rest)?
* Do you escape Unicode? If so, to what target (form encoding? url
* What is your target encoding? (UTF-8? UTF-16? ISO-8859-1? other?)
* What target are you escaping to? (HTML presentation? JSON? browser? XML
attribute? YAML text? Java manifests? etc...)
* Is your target a URL? (you have different rules for escaping in hostname
vs path vs query)
Joakim Erdfelt / joa...@webtide.com
On Tue, Mar 6, 2018 at 10:19 AM, John English <john.fore...@gmail.com> wrote:
> On 05/03/2018 21:01, Alexander Farber wrote:
>> Good evening,
>> what would be a method in Jetty to escape HTML characters in a String?
> OWASP has an easy-to-use Encoder class:
> The OWASP XSS prevention cheat sheet is also worth a read:
> John English
> jetty-users mailing list
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
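
The list at the top of this message says the right escaping depends on the target. As an added example (not part of the original thread, and not Jetty or OWASP code), the same string is escaped below for HTML, for a URL query value placed inside an attribute, and for a JSON string. It uses only the JDK (Java 10 or later); the class name, method names and sample input are made up for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class EscapeByContext {
    // HTML text or a double-quoted attribute value: neutralise markup characters.
    static String forHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // One URL query value: percent-encode as UTF-8. URLEncoder produces form
    // encoding (space becomes '+'), so spaces are rewritten to %20 afterwards.
    static String forQueryValue(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Inside a JSON string literal: escape quote, backslash and control characters;
    // '<', '>' and '&' are also escaped so the JSON can sit inside a <script> element.
    static String forJsonString(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') out.append('\\').append(c);
            else if (c < 0x20 || c == '<' || c == '>' || c == '&')
                out.append(String.format("\\u%04x", (int) c));
            else out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String input = "Tom & \"Jerry\" <br> 100%";  // constructed sample input
        System.out.println("<p>" + forHtml(input) + "</p>");
        // A URL in an attribute is two layers: encode the value for the query,
        // then escape the finished URL for the attribute it is written into.
        String url = "/search?q=" + forQueryValue(input) + "&lang=en";
        System.out.println("<a href=\"" + forHtml(url) + "\">search</a>");
        System.out.println("{\"name\":\"" + forJsonString(input) + "\"}");
    }
}
```

The three output lines differ for the same input, and the `href` line shows the `&` that separates query parameters becoming `&amp;` only at the HTML layer.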