What's the difference between Android's Html.escapeHtml and TextUtils.htmlEncode ? When should I use one or the other?

android android-webview html-entities html-encode html-escape
JonasCz picture JonasCz · Jan 30, 2016 · Viewed 7.4k times · Source

Android has two different ways to escape / encode HTML characters / entities in Strings:

Reading the docs, they both seem to do pretty much the same thing, but, when testing them, I get some pretty mysterious (to me) output.

Eg. With the input: <p>This is a quote ". This is a euro symbol: €. <b>This is some bold text</b></p>

  • Html.escapeHtml gives:

    &lt;p&gt;This is a quote ". This is a euro symbol: &#8364;. &lt;b&gt;This is some bold text&lt;/b&gt;&lt;/p&gt;

  • Whereas TextUtils.htmlEncode gives:

    &lt;p&gt;This is a quote &quot;. This is a euro symbol: €. &lt;b&gt;This is some bold text&lt;/b&gt;&lt;/p&gt;

So it seems that the second escapes / encodes the quote ("), but the first doesn't, although the first encodes the Euro symbol, but the second doesn't. I'm confused.

So what's the difference between these two methods ? Which characters does each escape / encode ? What's the difference between encoding and escaping here ? When should I use one or the other (or should I, gasp, use them both together ?) ?

Answer

Mikhail Naganov picture Mikhail Naganov · Jan 30, 2016

You can compare their sources:

This is what Html.escapeHtml uses underneath:

https://github.com/android/platform_frameworks_base/blob/d59921149bb5948ffbcb9a9e832e9ac1538e05a0/core/java/android/text/Html.java#L387

This is TextUtils.htmlEncode:

https://github.com/android/platform_frameworks_base/blob/d59921149bb5948ffbcb9a9e832e9ac1538e05a0/core/java/android/text/TextUtils.java#L1361

As you can see, the latter only quotes certain characters that are reserved for markup in HTML, while the former also encodes non-ASCII characters, so they can be represented in ASCII.

Thus, if your input only contains Latin characters (which is usually unlikely nowadays), or you have set up Unicode in your HTML page properly, and can go along with TextUtils.htmlEncode. Whereas if you need to ensure that your text works even if transmitted via 7-bit channels, use Html.escapeHtml.

As for the different treating of the quote character (") -- it only needs to be escaped inside attribute values (see the spec), so if you are not putting your text there, you should be fine.

Thus, my personal choice would be Html.escapeHtml, as it seems to be more versatile.

Related questions

How to listen for a WebView finishing loading a URL?

I have a WebView that is loading a page from the Internet. I want to show a ProgressBar until the loading is complete. How do I listen for the completion of page loading of a WebView?

Read More
How to load external webpage inside WebView

My problem is that the webpage is not loaded inside the webview. mWebview.loadUrl("http://www.google.com"); launches the web browser... This is the code of my activity: import android.app.Activity; import android.os.Bundle; import android.webkit.…

Read More
How to go back to previous page if back button is pressed in WebView?

I have an app in which I have a WebView where I display some websites. It works, clicking a link in the webpage goes to the next page in the website inside my app. But when I click the phone's …

Read More