When do I need to escape an HTML string?

孤独总比滥情好 2021-02-08 02:36

In my legacy project I can see the usage of escapeHtml before the string is sent to the browser.

StringEscapeUtils.escapeHtml(stringBody);

I know from

4 Answers
  •  [愿得一人]
    2021-02-08 03:11

    HTML (nowadays we would better say XML) defines many so-called "special" characters, which means that these characters have special meaning for the browser, in contrast with "normal" characters that just mean themselves. For example, the string "Hello, World!" contains only "normal" characters and thus it literally means "Hello, World!" for the browser. The string "<b>Hello, World!</b>" contains the special characters '<', '>' and '/', and for the browser it means: typeset the string "Hello, World!" in bold instead of just typesetting "<b>Hello, World!</b>".

    Method escapeHtml (String) probably (I cannot tell for sure because I don't know how it is implemented) converts an arbitrary string into HTML code that will instruct the browser to literally typeset this string. For example, escapeHtml ("<b>Hello, World!</b>") will return HTML code that will be interpreted by the browser as: typeset "<b>Hello, World!</b>" normally, instead of: typeset the string "Hello, World!" in bold. If method escapeHtml (String) is implemented correctly, you should not care what the HTML code produced by this method looks like. Just use it where you want to ask the browser to typeset some string literally.
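
An added example, not part of the answer above and not the library's own code: the `escapeHtml` below is a hypothetical minimal stand-in that replaces only the five HTML-special characters, and `renderComment` with its sample inputs is constructed for illustration. It shows what the browser receives when untrusted text is escaped before being placed in element content and in a quoted attribute value.

```java
public class EscapeHtmlDemo {

    // Hypothetical stand-in for an escapeHtml method (assumption, not the
    // library's implementation): replaces the characters that have special
    // meaning in HTML text and in quoted attribute values.
    static String escapeHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // must be escaped too, or "&lt;" typed by a user would be decoded
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break; // keeps the value inside a double-quoted attribute
                case '\'': out.append("&#39;");  break; // keeps the value inside a single-quoted attribute
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Builds the fragment the server would send. Both arguments are data that
    // came from outside the application, so both are escaped at output time.
    static String renderComment(String author, String body) {
        return "<p title=\"" + escapeHtml(author) + "\">" + escapeHtml(body) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] bodies = {
            "Hello, World!",                // only "normal" characters: unchanged
            "<b>Hello, World!</b>",         // would be rendered bold if sent unescaped
            "Tom & Jerry say \"1 < 2\""     // ampersand, quotes and a lone '<'
        };
        for (String body : bodies) {
            System.out.println("raw     : " + body);
            System.out.println("escaped : " + escapeHtml(body));
        }
        // Attribute context: the quote characters in the author name cannot
        // close the title="..." attribute once they are escaped.
        System.out.println(renderComment("O'Brien \"admin\"", "<b>Hello, World!</b>"));
    }
}
```

Escaping belongs at the point where the string is written into the HTML response, not where it is stored, so that the stored value stays the literal text the user entered.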
