Why does an apostrophe in my Java String appear as `&#039;` in my HTML?


Solution 1

This character is escaped to prevent XSS if the resulting string is used in an HTML attribute quoted with '. See the OWASP XSS Prevention Cheat Sheet.

I don't think it's a good idea to disable such security precautions, since they don't harm the normal behaviour.

Solution 2

Just like the '<', '>', and other characters, the quote is replaced by that code to avoid nasty surprises when the browser is rendering the page. Take a look at this list by W3Schools for a complete list of codes and their respective symbols.

Solution 3

If you're using JSTL, the c:out tag has an escapeXml attribute; you can set it to false to avoid encoding characters.

Solution 4

Special characters appear as ampersand escaped numbers because they mean something in HTML. In this case the ' is used to start a string literal. If you want it to actually show the ' then you have to replace it with the escaping. That's the why.

I don't know why you'd want to avoid it though.

Author by

Admin

Updated on June 22, 2022

Comments

  • Admin
    Admin almost 2 years

    Why does the Java string:

    "God's wrath"
    

    appear in HTML as

    God&#039;s wrath
    

    How to avoid this?