The EscapeTool allows escaping in Velocity templates. It provides methods to escape outputs for Java, JavaScript, HTML, XML and SQL. Also provides methods to render VTL characters that otherwise needs escaping.
The following example shows how the EscapeTool Viewtool is mapped in the toolbox.xml file:
<tool>
<key>esc</key>
<scope>application</scope>
<class>org.apache.velocity.tools.generic.EscapeTool</class>
</tool>
This tool is entirely threadsafe, and has no instance members. It may be used in any scope (request, session, or application).
Usage
| Method | Description |
|---|---|
$esc.java($java) | Escapes Java code |
$esc.javascript($javascript) | Escapes JavaScript code |
$esc.html($html) | Escapes raw HTML |
$esc.xml($xml) | Escapes raw XML |
$esc.sql($sql) | Escapes SQL |
$esc.dollar$esc.d | Escapes $ |
$esc.hash$esc.h | Escapes # |
$esc.backslash$esc.b | Escapes \ |
$esc.quote$esc.q | Escapes " |
$esc.singleQuote$esc.s | Escapes ' |
$esc.exclamation$esc.e | Escapes ! |
Examples
$java = He didn't say, "Stop!"
$esc.java($java) = He didn't say, \"Stop!\"
$javascript = He didn't say, "Stop!"
$esc.javascript($javascript) = He didn\'t say, \"Stop!\"
$html = "bread" & "butter"
$esc.html($html) = "bread" & "butter"
$xml = "bread" & "butter"
$esc.xml($xml) = "bread" & "butter"
$sql = McHale's Navy
$esc.sql($sql) = McHale''s Navy
$esc.dollar = $
$esc.d = $
$esc.hash = #
$esc.h = #
$esc.backslash = \
$esc.b = \
$esc.quote = "
$esc.q = "
$esc.singleQuote = '
$esc.s = '
$esc.exclamation = !
$esc.e = !
About
| Since | VelocityTools 1.2 |
| Author | Shinobu Kawai |
