HTML Escape Characters

I have some registration forms on my web site, and I want to prevent users from entering HTML tags in input text fields and textareas (actually HTML injection). In fact, I want to display the entered info in a way that entered HTML tags don't affect the appearance of the web site and the actual tags are displayed on the page. I know that the solution is replacing the critical characters in the entered text with their corresponding escape codes, but is there any class or method which does this for me?

I know there are such functions in Perl and PHP.

Regards

http://behravesh.ws

Message was edited by: Ehsun

[645 byte] By [Ehsuna] at [2007-11-26 15:19:14]
# 1

You can use StringEscapeUtils from Apache commons...

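import org.apache.commons.lang.StringEscapeUtils; // Commons Lang 2.x

// Original value
String HTML = "<B>$ to \u00A3 Rate</B>";
System.out.println(HTML);
System.out.println();

// Conversion example: escape the HTML-significant characters
System.out.println(StringEscapeUtils.escapeHtml(HTML));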

Produces...

<B>$ to £ Rate</B>

Parker_a at 2007-7-8 11:02:58 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
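
As an added illustration of the escaping discussed in this thread (not code from any poster or from Apache Commons), the sketch below replaces the five HTML-significant characters using only the JDK and applies the escaping at the point where the value is written into the page. The class name, method name and sample form value are constructed for the example.

```java
public class HtmlEscapeExample {

    /**
     * Escapes the characters that are significant in HTML element content
     * and in quoted attribute values. Hypothetical helper for illustration.
     */
    static String escapeHtml(String input) {
        if (input == null) {
            return ""; // a missing form field renders as empty text
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                // Numeric form: &apos; is not an HTML 4 entity, and
                // Commons Lang 2.x escapeHtml leaves the apostrophe as-is.
                case '\'': out.append("&#39;");  break;
                // Other characters pass through unchanged; this assumes the
                // page is served in an encoding that can represent them.
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value, as it might arrive from a registration form.
        String name = "Tom \"T\" O'Neil <b>admin</b> & co";

        // Keep the raw value in storage and escape once, on output.
        // Escaping on input and again on output would display "&amp;lt;".
        String safe = escapeHtml(name);

        // Element content: the tags are shown as text instead of being rendered.
        System.out.println("<td>" + safe + "</td>");

        // Quoted attribute value: the escaped quotes cannot end the attribute.
        System.out.println("<input type=\"text\" name=\"name\" value=\"" + safe + "\">");
    }
}
```

This covers element content and quoted attribute values only; values placed inside script blocks, URLs or unquoted attributes need escaping rules specific to those contexts.
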
# 2
Thanks, but where can I download apache.commons? I cannot find the proper link through search engines!
Ehsuna at 2007-7-8 11:02:58
# 3
Use the following link: http://jakarta.apache.org/site/downloads/downloads_commons-lang.cgi
alwinjosha at 2007-7-8 11:02:58