0

I am using org.apache.commons.lang.StringEscapeUtils to escape HTML tags:

StringEscapeUtils.escapeHtml(str);

What I want is to avoid escaping few particular tags. e.g. 

<h1>this is h1</h1>
<ul>
<li></li>
<li></li>
</ul>

After escaping it should connvert all < to &lt; and > to &gt; except <ul> and <li> tag. Here i don't want to escape <ul> <li> tags because in HTML page i have to show content as list so i need ul and li.

How can i do this in java and javascript.

Improve this question

1 Answer 1

Reset to default
1

You don't want a simple string escape util, which is what you're using.

What you want is an HTML sanitizer, like the OWASP Java HTML Sanitizer. It allows whitelists of HTML tags to not escape, e.g., custom HTML policies with which you can specify allowed tags, in case the default sanitizers don't meet your needs.

Other libraries also do this, like JSoup with its cleaning functionality.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

which one is preferable
@Manish Preference questions are OT for SO. Whichever suits your needs best.
its good but the problem is its removes tag e.g <h1> completly. that i dont want what i want is just encode it

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.