Recommended method for escaping HTML in Java

Question

Is there a recommended way to escape <, >, " and & characters when outputting HTML in plain Java code? (Other than manually doing the following, that is).

String source = "The less than sign (<) and ampersand (&) must be escaped before using them in HTML";
String escaped = source.replace("<", "&lt;").replace("&", "&amp;"); // ...

Answer 1

StringEscapeUtils from Apache Commons Lang:

import static org.apache.commons.lang.StringEscapeUtils.escapeHtml;
// ...
String source = "The less than sign (<) and ampersand (&) must be escaped before using them in HTML";
String escaped = escapeHtml(source);

Answer 2

An alternative to Apache Commons: Use Spring's HtmlUtils.htmlEscape(String input) method.

Answer 3

For some purposes:
HtmlUtils.htmlEscapeDecimal("&") gives &
HtmlUtils.htmlEscape("&") gives &