html:
import org.springframework.web.util.HtmlUtils;
1. HtmlUtils.htmlEscape()
2. HtmlUtils.htmlEscapeDecimal()
3. HtmlUtils.htmlEscapeHex()
Code:
String s = HtmlUtils.htmlEscape("<div>hello world</div><p>&nbsp;</p>");
System.out.println(s);
String s2 = HtmlUtils.htmlUnescape(s);
System.out.println(s2);
Output:
&lt;div&gt;hello world&lt;/div&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;
<div>hello world</div><p>&nbsp;</p>
sql:
import org.apache.commons.lang.StringEscapeUtils;
StringEscapeUtils.escapeSql("admin' or '1=1")
Output: admin'' or ''1=1