Posted to users@tomcat.apache.org by "Rob S." <rs...@home.com> on 2000/07/07 08:13:18 UTC

Server.HTMLEncode( String ) ?

VBScript <shiver> has this.  It's a nice way to take otherwise 'bad' HTML
for use in fields (no " allowed) and direct display (no <script>, etc.), and
escape it.  Anything similar for Java/JSP/Servlets?

- r


RE: Server.HTMLEncode( String ) ?

Posted by "Rob S." <rs...@home.com>.
'allo Bruce,

> No, but it isn't too hard to implement yourself; there are only four
> characters you need to escape: <>&"

I'm more of the "even if it's easy, why bother if it's already there" type of
guy.  I'm no expert on HTML, and thought maybe someone had something more
useful or that thought of something I didn't.  I ended up writing one last
night just for the funk of it, in case there wasn't one.

> Why do you shiver at VBScript when you're willing to use JSP, which may
> be theoretically more elegant but isn't any easier in practice?

Hmm... everything being a variant, having to use it on an MS platform unless
you want to go with a p.o.s. like iASP and products like it, I think
Chilisoft's being the other.  I guess those would be two of the many
reasons, off the top of my head ;)

- r


Re: Server.HTMLEncode( String ) ?

Posted by br...@alum.mit.edu.
"Rob S." <rs...@home.com> writes:

> VBScript <shiver> has this.  It's a nice way to take otherwise 'bad' HTML
> for use in fields (no " allowed) and direct display (no <script>, etc.), and
> escape it.  Anything similar for Java/JSP/Servlets?

No, but it isn't too hard to implement yourself; there are only four
characters you need to escape: <>&"

Why do you shiver at VBScript when you're willing to use JSP, which may
be theoretically more elegant but isn't any easier in practice?  If you
really want to step up from VBScript, try my general-purpose BRL servlet
(free/open source software), which, among a lot of other things,
provides a function that does the HTML escape you asked about.

-- 
Bruce R. Lewis				http://brl.sourceforge.net/
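
An added example, not code from either poster or from BRL: a small Java escaper for the four characters named in the thread, applied to the two contexts from the original question (a double-quoted field value and direct display). The class and method names are hypothetical, the input is constructed, and it assumes attribute values are always wrapped in double quotes, since this four-character set does not cover single-quoted or unquoted attributes.

```java
public final class HtmlEncode {
    private HtmlEncode() {}

    /** Escapes < > & " so the result is inert as element text
     *  or inside a double-quoted attribute value. */
    public static String htmlEncode(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': out.append("&lt;");   break;
                case '>': out.append("&gt;");   break;
                case '&': out.append("&amp;");  break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    /** Field context: the value must sit inside double quotes (assumption). */
    public static String inputField(String name, String untrusted) {
        return "<input type=\"text\" name=\"" + htmlEncode(name)
             + "\" value=\"" + htmlEncode(untrusted) + "\">";
    }

    /** Direct-display context: untrusted text as element content. */
    public static String paragraph(String untrusted) {
        return "<p>" + htmlEncode(untrusted) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample input containing all four characters.
        String input = "Tom & \"Jerry\" <script>x</script>";

        System.out.println(inputField("comment", input));
        System.out.println(paragraph(input));

        // Encoding twice turns & into &amp;amp; and so on, which shows up as
        // literal entity text in the browser: encode once, at output time.
        System.out.println(paragraph(htmlEncode(input)));
    }
}
```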