HEsc class abstract

Escaping arbitrary values for use in HTML documents.

  • Use attr to escape values to be used in attribute values.
  • Use text to escape values to be used in CDATA content.
  • Use lines to escape values to be used in CDATA content, where line breaks are to be indicated with <br/> tags.

These methods can be passed any Object. If the value is not a String, its toString method is invoked to obtain the string representation to escape.

Example

const alpha = 'Don\'t use <blink> & "bad" tags.';
const beta = "1. First line\n2. second line\n3. third line";

resp.write('''
<p>${HEsc.text(alpha)}</p>
<p title="${HEsc.attr(alpha)}">attr</p>
<p>${HEsc.text(123)}</p>
<p>${HEsc.text(DateTime.now())}</p>
<p>${HEsc.lines(beta)}</p>
''');

Writes out:

<p>Don't use &lt;blink&gt; &amp; "bad" tags.</p>
<p title="Don&apos;t use &lt;blink&gt; &amp; &quot;bad&quot; tags.">attr</p>
<p>123</p>
<p>2023-10-18 17:00:00.000000</p>
<p>1. First line<br/>2. second line<br/>3. third line</p>

Alternatives

The standard dart:convert library defines an HtmlEscape class which can be used to perform a similar function. But it only converts Strings, and is harder and more verbose to use. It also encodes single quotes as &#39; instead of the more human-readable &apos;.
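
The dart:convert route described above, written out as an added example (not code from this package or its documentation). The helper names escapeText, escapeAttr and escapeLines are hypothetical, and the input reuses the strings from the Example section.

```dart
import 'dart:convert';

// Hypothetical helpers (names are assumptions, not part of any package).
// Each one picks the HtmlEscapeMode that matches where the value will be
// placed, and calls toString() itself because HtmlEscape only accepts Strings.

/// Escapes [value] for element content: &, < and > are replaced.
String escapeText(Object? value) =>
    const HtmlEscape(HtmlEscapeMode.element).convert(value.toString());

/// Escapes [value] for an attribute value. HtmlEscapeMode.unknown also
/// replaces both quote characters, so the result is safe whether the
/// attribute is delimited with single or double quotes.
String escapeAttr(Object? value) =>
    const HtmlEscape(HtmlEscapeMode.unknown).convert(value.toString());

/// Escapes [value] for element content, then marks line breaks with <br/>.
/// Escaping runs first, so the <br/> tags added here are the only markup
/// that can appear in the result.
String escapeLines(Object? value) =>
    const LineSplitter().convert(escapeText(value)).join('<br/>');

void main() {
  // Same sample values as the Example section of this page.
  const alpha = 'Don\'t use <blink> & "bad" tags.';
  const beta = '1. First line\n2. second line\n3. third line';

  final page = StringBuffer()
    ..writeln('<p>${escapeText(alpha)}</p>')
    ..writeln('<p title="${escapeAttr(alpha)}">attr</p>')
    ..writeln('<p>${escapeText(123)}</p>')
    ..writeln('<p>${escapeLines(beta)}</p>');

  print(page);
}
```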

Properties

hashCode int
The hash code for this object.
no setter, inherited
runtimeType Type
A representation of the runtime type of the object.
no setter, inherited

Methods

noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
toString() String
A string representation of this object.
inherited

Operators

operator ==(Object other) bool
The equality operator.
inherited

Static Methods

attr(Object? value) String
Escape values for placement inside an HTML or XML attribute.
lines(Object? value) String
Format multi-line text for placement inside an HTML element.
text(Object? value) String
Escape values for placement inside the contents of an HTML or XML element.