Login/Register
What's the difference between Android's Html.escapeHtml and TextUtils.htmlEncode ? When should I use one or the other?
Asked Answered
Solved androidandroid-webviewhtml-entitieshtml-encodehtml-escape
T

1

15

Android has two different ways to escape / encode HTML characters / entities in Strings:

Reading the docs, they both seem to do pretty much the same thing, but, when testing them, I get some pretty mysterious (to me) output.

Eg. With the input: <p>This is a quote ". This is a euro symbol: €. <b>This is some bold text</b></p>

  • Html.escapeHtml gives:

    &lt;p&gt;This is a quote ". This is a euro symbol: &#8364;. &lt;b&gt;This is some bold text&lt;/b&gt;&lt;/p&gt;

  • Whereas TextUtils.htmlEncode gives:

    &lt;p&gt;This is a quote &quot;. This is a euro symbol: €. &lt;b&gt;This is some bold text&lt;/b&gt;&lt;/p&gt;

So it seems that the second escapes / encodes the quote ("), but the first doesn't, although the first encodes the Euro symbol, but the second doesn't. I'm confused.

So what's the difference between these two methods ? Which characters does each escape / encode ? What's the difference between encoding and escaping here ? When should I use one or the other (or should I, gasp, use them both together ?) ?

Tweet answered 30/1, 2016 at 16:18 Comment(0)
C
22

You can compare their sources:

This is what Html.escapeHtml uses underneath:

https://github.com/android/platform_frameworks_base/blob/d59921149bb5948ffbcb9a9e832e9ac1538e05a0/core/java/android/text/Html.java#L387

This is TextUtils.htmlEncode:

https://github.com/android/platform_frameworks_base/blob/d59921149bb5948ffbcb9a9e832e9ac1538e05a0/core/java/android/text/TextUtils.java#L1361

As you can see, the latter only quotes certain characters that are reserved for markup in HTML, while the former also encodes non-ASCII characters, so they can be represented in ASCII.

Thus, if your input only contains Latin characters (which is usually unlikely nowadays), or you have set up Unicode in your HTML page properly, and can go along with TextUtils.htmlEncode. Whereas if you need to ensure that your text works even if transmitted via 7-bit channels, use Html.escapeHtml.

As for the different treating of the quote character (") -- it only needs to be escaped inside attribute values (see the spec), so if you are not putting your text there, you should be fine.

Thus, my personal choice would be Html.escapeHtml, as it seems to be more versatile.

Canoodle answered 30/1, 2016 at 17:17 Comment(2)
Thanks, especially for the explanation of things of when to use what and why, which is what I was unsure about. +1.Tweet
Thanks for the references and the explanationAshbey

© 2022 - 2024 — McMap. All rights reserved.