HEsc class abstract
Escaping arbitrary values for use in HTML documents.
- Use attr to escape values to be used in attribute values.
- Use text to escape values to be used in CDATA content.
- Use lines to escape values to be used in CDATA content, where
line breaks are to be indicated with
<br/>tags.
These methods can be passed any Object. If they are not Strings, the toString method is invoked on it to obtain it string representation to escape.
Example
const alpha = 'Don\'t use <blink> & "bad" tags.';
const beta = "1. First line\n2. second line\n3. third line";
resp.write('''
<p>${HEsc.text(alpha)}</p>
<p title="${HEsc.attr(alpha)}">attr</p>
<p>${HEsc.text(123)}</p>
<p>${HEsc.text(DateTime.now())}</p>
<p>${HEsc.lines(beta)}</p>
''');
Writes out:
<p>Don't use <blink> & "bad" tags.</p>
<p title="Don't use <blink> & "bad" tags.">attr</p>
<p>123</p>
<p>2023-10-18 17:00:00.000000</p>
<p>1. First line<br/>2. second line<br/>3. third line</p>
Alternatives
The standard dart:convert library defines a HtmlEscape class which can
be used to perform a similar function.
But it only converts Strings, is harder and is more verbose to use.
It also encodes single quotes as ' instead of the more human readable
'.
Properties
- hashCode → int
-
The hash code for this object.
no setterinherited
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
Methods
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
toString(
) → String -
A string representation of this object.
inherited
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited