Important Notice - Forums is archived
To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
How to escape an HTML attribute
Unfortunately I had to resort to building HTML from server side. (some advanced stuff in Grid using HtmlRenderer).
Is there an easy way to create a "safe" string value for HTML attribute without bringing in an external library (e.g. Apache Commons) and without bringing in Vaadin Client lib.
There's static method VaadinServlet.safeEscapeForHtml() but it is deprecated and doesn't say what the alternative is.
Might be stating the obvious here, but have you tried the usual method of
+"var $HTMLpopup = $('<div class=\"popupContainer\">"
+"<span class=\"cancelBtn big\"></span>"
jason attin: Might be stating the obvious here, but have you tried the usual method of
+"var $HTMLpopup = $('<div class=\"popupContainer\">" +"<span class=\"cancelBtn big\"></span>"
Ahh. What is meant by HTML escaping is something entirely different. What you are doing above is simply source code escaping (for a lack of better word).
Here's an HTML escaping example:
Input string: Ben & Jerry's makes you fat.
Output string: Ben & Jerry's makes you fat.
And here's a source code example:
String tooltip = "Ben & Jerry's makes you fat";
String htmlStr = "<div title=\"" +
safeHtml(tooltip) + "\">ICECREAM</div>";
So, what I'm looking for is the safeHtml method (just my name for it). As mentioned Vaadin already has this in the form of
VaadinServlet.safeEscapeForHtml() but is is deprecated.