© 2009 Google - Privacy Policy - Terms and Conditions - About Google
public abstract static class EscapingConventions.CrossLanguageStringXform
extends com.google.common.escape.Escaper
1 < 2 can be escaped to the equivalent HTML string
1 < 2.http://www.google.com/search?q=O'Reilly is equivalent to
http://www.google.com/search?q=O%27Reilly but the latter can be safely
embedded in a single quoted HTML attribute.h1 might pass an html identifier filter but the string
><script>alert('evil')</script> should not and could be replaced by an innocuous
value like zzz.| Modifier | Constructor and Description |
|---|---|
protected |
EscapingConventions.CrossLanguageStringXform(Pattern valueFilter,
String nonAsciiPrefix) |
| Modifier and Type | Method and Description |
|---|---|
protected abstract com.google.common.collect.ImmutableList<EscapingConventions.Escape> |
defineEscapes()
Returns the escapes used for this escaper.
|
Appendable |
escape(Appendable out) |
String |
escape(String string) |
String |
getDirectiveName()
The name of the directive associated with this escaping function.
|
com.google.common.collect.ImmutableList<EscapingConventions.Escape> |
getEscapes()
The escapes need to translate the input language to the output language.
|
String |
getInnocuousOutput()
Returns an innocuous string in this context that can be used when filtering.
|
List<String> |
getLangFunctionNames(EscapingConventions.EscapingLanguage language)
The names of existing language builtins or available library functions (such as Google
Closure) that implement the escaping convention.
|
String |
getNonAsciiPrefix()
An escaping prefix in
"%", "\\u", "\\" which specifies how to escape non-ASCII code
units not in the sparse mapping. |
Pattern |
getValueFilter()
Null if the escaper accepts all strings as inputs, or otherwise a regular expression
that accepts only strings that can be escaped by this escaper.
|
protected EscapingConventions.CrossLanguageStringXform(@Nullable Pattern valueFilter, @Nullable String nonAsciiPrefix)
valueFilter - null if the directive accepts all strings as inputs. Otherwise
a regular expression that accepts only strings that can be escaped by this directive.nonAsciiPrefix - An escaping prefix in "%", "\\u", "\\" which specifies how to
escape non-ASCII code units not in the sparse mapping.
If null, then non-ASCII code units outside the sparse map can appear unescaped.protected abstract com.google.common.collect.ImmutableList<EscapingConventions.Escape> defineEscapes()
public String getDirectiveName()
|escapeHtml@Nullable public final String getNonAsciiPrefix()
"%", "\\u", "\\" which specifies how to escape non-ASCII code
units not in the sparse mapping.
If null, then non-ASCII code units outside the sparse map can appear unescaped.@Nullable public final Pattern getValueFilter()
public final com.google.common.collect.ImmutableList<EscapingConventions.Escape> getEscapes()
public List<String> getLangFunctionNames(EscapingConventions.EscapingLanguage language)
language - The language being escaped.null if there is no such function.public String getInnocuousOutput()
public final String escape(String string)
escape in class com.google.common.escape.Escaperpublic final Appendable escape(Appendable out)
© 2009 Google - Privacy Policy - Terms and Conditions - About Google