How to escape an HTML attribute

Unfortunately I had to resort to building HTML from server side. (some advanced stuff in Grid using HtmlRenderer).

Is there an easy way to create a "safe" string value for HTML attribute without bringing in an external library (e.g. Apache Commons) and without bringing in Vaadin Client lib.

There's static method VaadinServlet.safeEscapeForHtml() but it is deprecated and doesn't say what the alternative is.

Might be stating the obvious here, but have you tried the usual method of 

+"var $HTMLpopup = $('<div class=\"popupContainer\">"
            +"<span class=\"cancelBtn big\"></span>"

jason attin: Might be stating the obvious here, but have you tried the usual method of 

+"var $HTMLpopup = $('<div class=\"popupContainer\">"
            +"<span class=\"cancelBtn big\"></span>"

Ahh. What is meant by HTML escaping is something entirely different. What you are doing above is simply source code escaping (for a lack of better word).

Here's an HTML escaping example:

Input string:   Ben & Jerry's makes you fat.

Output string:   Ben & Jerry's makes you fat.

And here's a source code example:

String tooltip = "Ben & Jerry's makes you fat";
String htmlStr = "<div title=\"" +
        safeHtml(tooltip) + "\">ICECREAM</div>";
                 

So, what I'm looking for is the safeHtml method (just my name for it). As mentioned Vaadin already has this in the form of
VaadinServlet.safeEscapeForHtml() but is is deprecated.

HI, sorry I clearly misunderstood the question