Wicket uses the following method to escape html, located in: org.apache.wicket.util.string.Strings
public static CharSequence escapeMarkup(final String s, final boolean escapeSpaces,
final boolean convertToHtmlUnicodeEscapes)
{
if (s == null)
{
return null;
}
else
{
int len = s.length();
final AppendingStringBuffer buffer = new AppendingStringBuffer((int)(len * 1.1));
for (int i = 0; i < len; i++)
{
final char c = s.charAt(i);
switch (c)
{
case '\t' :
if (escapeSpaces)
{
// Assumption is four space tabs (sorry, but that's
// just how it is!)
buffer.append(" ");
}
else
{
buffer.append(c);
}
break;
case ' ' :
if (escapeSpaces)
{
buffer.append(" ");
}
else
{
buffer.append(c);
}
break;
case '<' :
buffer.append("<");
break;
case '>' :
buffer.append(">");
break;
case '&' :
buffer.append("&");
break;
case '"' :
buffer.append(""");
break;
case '\'' :
buffer.append("'");
break;
default :
if (convertToHtmlUnicodeEscapes)
{
int ci = 0xffff & c;
if (ci < 160)
{
// nothing special only 7 Bit
buffer.append(c);
}
else
{
// Not 7 Bit use the unicode system
buffer.append("&#");
buffer.append(new Integer(ci).toString());
buffer.append(';');
}
}
else
{
buffer.append(c);
}
break;
}
}
return buffer;
}
}