问题
I am using StringEscapeUtils to escape and unescape html. I have following code
import org.apache.commons.lang.StringEscapeUtils;
public class EscapeUtils {
public static void main(String args[]) {
String string = " 4-Spaces ,\"Double Quote\", 'Single Quote', \\Back-Slash\\, /Forward Slash/ ";
String escaped = StringEscapeUtils.escapeHtml(string);
String myEscaped = escapeHtml(string);
String unescaped = StringEscapeUtils.unescapeHtml(escaped);
String myUnescaped = StringEscapeUtils.unescapeHtml(myEscaped);
System.out.println("Real String: " + string);
System.out.println();
System.out.println("Escaped String: " + escaped);
System.out.println("My Escaped String: " + myEscaped);
System.out.println();
System.out.println("Unescaped String: " + unescaped);
System.out.println("My Unescaped String: " + myUnescaped);
System.out.println();
System.out.println("Comparison:");
System.out.println("Real String == Unescaped String: " + string.equals(unescaped));
System.out.println("Real String == My Unescaped String: " + string.equals(myUnescaped));
System.out.println("Unescaped String == My Unescaped String: " + unescaped.equals(myUnescaped));
}
public static String escapeHtml(String s) {
String escaped = "";
if(null != s) {
escaped = StringEscapeUtils.escapeHtml(s);
escaped = escaped.replaceAll(" "," ");
escaped = escaped.replaceAll("'","'");
escaped = escaped.replaceAll("\\\\","\");
escaped = escaped.replaceAll("/","/");
}
return escaped;
}
}
Output:
Real String: 4-Spaces ,"Double Quote", 'Single Quote', \Back-Slash\, /Forward Slash/
Escaped String: 4-Spaces ,"Double Quote", 'Single Quote', \Back-Slash\, /Forward Slash/
My Escaped String: 4-Spaces ,"Double Quote", 'Single Quote', \Back-Slash\, /Forward Slash/
Unescaped String: 4-Spaces ,"Double Quote", 'Single Quote', \Back-Slash\, /Forward Slash/
My Unescaped String: 4-Spaces ,"Double Quote", 'Single Quote', \Back-Slash\, /Forward Slash/
Comparison:
Real String == Unescaped String: true
Real String == My Unescaped String: false
Unescaped String == My Unescaped String: false
I escaped the real string and then unescaped it. but myEsceped is first escaped with same process, and then some more html characters are replaced with their html codes. myUnescaped is actually unescape of myEscaped which has same contents as that of real string.
Output shows that real string, unescaped, and myUnescaped contents are same. But, as in Comparison section, myUnescaped is not equal to string and unescaped.
I don't understand it yet what is actually happening here. Can anyone explain it?
回答1:
This due to while escaping HTML, you are replacing ' ' with
public static String escapeHtml(String s) {
String escaped = "";
if(null != s) {
escaped = StringEscapeUtils.escapeHtml(s);
escaped = escaped.replaceAll(" "," "); // HERE
escaped = escaped.replaceAll("'","'");
escaped = escaped.replaceAll("\\\\","\");
escaped = escaped.replaceAll("/","/");
}
return escaped;
}
While StringEscapeUtils.escapeHtml does not escape ' ', below is the example on their site:
"bread" & "butter"
becomes
"bread" & "butter"
Which means StringEscapeUtils.escapeHtml preserves spaces
If from escapeHtml you remove escaped = escaped.replaceAll(" "," ");, unescaped and myUnescaped match !
回答2:
After Apurv Answer, I have analyzed bytes array of strings.
String: 32, 32, 32, 32, 52, 45, 83, 112, 97, 99, 101, 115, 32, 32, 32, 32, 44, 34, 68, 111, 117, 98, 108, 101, 32, 81, 117, 111, 116, 101, 34, 44, 32, 39, 83, 105, 110, 103, 108, 101, 32, 81, 117, 111, 116, 101, 39, 44, 32, 92, 66, 97, 99, 107, 45, 83, 108, 97, 115, 104, 92, 44, 32, 47, 70, 111, 114, 119, 97, 114, 100, 32, 83, 108, 97, 115, 104, 47, 32
unescaped : 32, 32, 32, 32, 52, 45, 83, 112, 97, 99, 101, 115, 32, 32, 32, 32, 44, 34, 68, 111, 117, 98, 108, 101, 32, 81, 117, 111, 116, 101, 34, 44, 32, 39, 83, 105, 110, 103, 108, 101, 32, 81, 117, 111, 116, 101, 39, 44, 32, 92, 66, 97, 99, 107, 45, 83, 108, 97, 115, 104, 92, 44, 32, 47, 70, 111, 114, 119, 97, 114, 100, 32, 83, 108, 97, 115, 104, 47, 32
myUnescaped: -96, -96, -96, -96, 52, 45, 83, 112, 97, 99, 101, 115, -96, -96, -96, -96, 44, 34, 68, 111, 117, 98, 108, 101, -96, 81, 117, 111, 116, 101, 34, 44, -96, 39, 83, 105, 110, 103, 108, 101, -96, 81, 117, 111, 116, 101, 39, 44, -96, 92, 66, 97, 99, 107, 45, 83, 108, 97, 115, 104, 92, 44, -96, 47, 70, 111, 114, 119, 97, 114, 100, -96, 83, 108, 97, 115, 104, 47, -96
I seems in myUnescaped, spaces has converted to ascii -96 instead of 32.
So I wrote an unescapeHtml method as below. This method first replaces   with a space and then use StringEscapeUtils to unescape html.
public static String unescapeHtml(String s) {
String unescaped = "";
if(null != s) {
unescaped = s.replaceAll(" ", " ");
unescaped = StringEscapeUtils.unescapeHtml(unescaped);
}
return unescaped;
}
Then I got myUnescaped using following code.
String myUnescaped = unescapeHtml(myEscaped);
This gave me myUnescaped string equal to string and unescaped.
ALTERNATIVELY I replaced with  . This does not require me to write unescapeHtml mehod. Updated escapeHtml method's code is given below.
public static String escapeHtml(String s) {
String escaped = "";
if(null != s) {
escaped = StringEscapeUtils.escapeHtml(s);
escaped = escaped.replaceAll(" "," "); //updated line
escaped = escaped.replaceAll("'","'");
escaped = escaped.replaceAll("\\\\","\");
escaped = escaped.replaceAll("/","/");
}
return escaped;
}
来源:https://stackoverflow.com/questions/16207625/string-contents-are-same-but-equals-method-returns-false