It is often necessary to escape the special html code from the user input in case of avoiding cross site attack (XSS).

Initially i thought jdk provides a method somewhere to do this like function htmlentities() in php, but i failed to find it. All i found is a class called “URLEncoder ” which i don’t think can do this job.

I don’t want to reinvent the wheel as I believe there must be some java packages available that do this job. Googling “java encode html” didn’t lead me straight to the right java package (at least not the one I’d like to use).

After a while, I finally found one package i’d like to use. it’s from Apache Commons project, called “Commons Lang“. The method “StringEscapeUtils.escapeHtml(…) ” can do the encode job while the other method called unescapeHtml can do the decode job. So, I don’t have to write my own method…