Package com.atlassian.confluence.util

Class HtmlUtil

java.lang.Object
com.atlassian.confluence.util.HtmlUtil
public final class HtmlUtil extends Object
Utility class for encoding and decoding HTML and URL strings. This class and all its methods are exposed on the Velocity context. Please be mindful not to introduce methods that could be exploited in the event of an SSTI vulnerability.
Since:
5.3
See Also:

  • Field Details

    • INSTANCE

      public static final HtmlUtil INSTANCE

  • Constructor Details

    • HtmlUtil

      public HtmlUtil()

  • Method Details

    • htmlEncode

      public static String htmlEncode(Object object)
      Encodes the given Object to be HTML safe using entity escapes. If the object is a number, returns the string it in string format If the object is a string, returns htmlEncoded string For everything else returns an empty string
      Parameters:
      object - the object to encode.
      Returns:
      the encoded text.

    • htmlEncode

      public static String htmlEncode(String text)
      Encodes the given text to be HTML safe using entity escapes.
      Parameters:
      text - the text to encode.
      Returns:
      the encoded text.

    • htmlEncodeAndReplaceSpaces

      public static String htmlEncodeAndReplaceSpaces(String text)
      Encodes the given text to be HTML safe using entity escapes, and embedding non-breaking spaces in place of spaces.
      Parameters:
      text - the text to encode.
      Returns:
      the encoded text.

    • completeUrlEncode

      @Deprecated public static String completeUrlEncode(String url)
      Deprecated.
      since 8.7 use completeUrlEncode(String, Charset)
      Encodes the given url for protocols which the CompleteURLEncoder supports. To only encode HTTP form parameter/values or fragments, use urlEncode(String) instead. Uses the character encoding as per GeneralUtil.getDefaultCharset().
      Parameters:
      url - the entire URL to encode
      Returns:
      encoded url
      Since:
      5.3.3

    • completeUrlEncode

      public static String completeUrlEncode(String url, Charset encoding)
      Encodes the given url for protocols which the CompleteURLEncoder supports. To only encode HTTP form parameter/values or fragments, use urlEncode(String) instead. Uses the character encoding as per GeneralUtil.getDefaultCharset().
      Parameters:
      url - the entire URL to encode
      Returns:
      encoded url
      Since:
      8.7

    • urlEncode

      @Deprecated public static String urlEncode(String text)
      Deprecated.
      since 8.7 use urlEncode(String, Charset)
      Encodes HTTP form parameter/values, using the character encoding as per GeneralUtil.getDefaultCharset(). To encode entire URLs, use completeUrlEncode(java.lang.String) instead.
      Parameters:
      text - part of the url to encode
      Returns:
      encoded url
      Since:
      5.3.3

    • urlEncode

      @Deprecated public static String urlEncode(String text, String encoding)
      Deprecated.
      since 8.7 use urlEncode(String, Charset)
      Encodes HTTP form parameter/values. To encode entire URLs, use completeUrlEncode(java.lang.String) instead.
      Parameters:
      text - part of the url to encode
      encoding - the character encoding to use
      Returns:
      encoded url
      Since:
      5.3.3

    • urlEncode

      public static String urlEncode(String text, Charset encoding)
      Encodes HTTP form parameter/values. To encode entire URLs, use completeUrlEncode(java.lang.String) instead.
      Since:
      8.7

    • urlDecode

      @Deprecated public static String urlDecode(String url)
      Deprecated.
      since 8.7 use urlDecode(String, Charset)
      Decodes URL percent encoded characters, using the character encoding as per GeneralUtil.getDefaultCharset().
      Parameters:
      url - the URL to decode
      Returns:
      the decoded string

    • urlDecode

      @Deprecated public static String urlDecode(String url, String encoding)
      Deprecated.
      since 8.7 use urlDecode(String, Charset)

    • urlDecode

      public static String urlDecode(String url, Charset encoding)
      Decodes URL percent encoded characters.
      Parameters:
      url - the URL to decode
      encoding - the character encoding to use while decoding
      Returns:
      the decoded string
      Since:
      8.7

    • resoluteUrlDecode

      public static String resoluteUrlDecode(String encodedStr, Charset charset)
      Variant of URLCodec.decode(String, String) that ignores invalid encoded sequences and continues to decode the remainder of the String.

      Invalid sequences include those with invalid hex characters (%GG) and incomplete sequences (%A).

    • loopedUrlDecode

      public static String loopedUrlDecode(String str, Charset charset)
      Repeatedly resolves URL-encoded sequences in a string until it remains constant.

    • loopedUrlDecode

      public static String loopedUrlDecode(String str)
      Uses the character encoding as per Confluence global settings.
      See Also:

    • shouldUrlDecode

      public static boolean shouldUrlDecode(String text)
      Checks if the given text should contains any percent encoded characters that should be decoded.
      Parameters:
      text - the text to check
      Returns:
      true, if the text should be decoded

    • reencodeURL

      @Deprecated public static String reencodeURL(String originalUrl)
      Deprecated.
      since 8.7 use reencodeURL(String, Charset)
      Attempts to handle common encoding errors in hand-edited URLs, such as failing to URL encode quotes.
      Parameters:
      originalUrl - the url to re-encode.
      Returns:
      the re-encoded URL, or the original value if it cannot be

    • reencodeURL

      public static String reencodeURL(String originalUrl, Charset encoding)
      Attempts to handle common encoding errors in hand-edited URLs, such as failing to URL encode quotes.
      Parameters:
      originalUrl - the url to re-encode.
      Returns:
      the re-encoded URL, or the original value if it cannot be
      Since:
      8.7