18.2 HTML Function
This function escapes characters that can change the context in an HTML environment. It is an extended version of the well-known sys.htf.escape_sc.
The function's result depends on the escaping mode that is defined by using apex_escape.set_html_escaping_mode. By default, the escaping mode is Extended, but it can be overridden by manually calling set_html_escaping_mode or by setting the application security attribute HTML Escaping Mode to Basic. If the mode is Basic, the function behaves like sys.htf.escape_sc. Otherwise, the rules below apply.
The following table, Table 18-1, depicts ASCII characters that the function transforms and their escaped values:
Table 18-1 Escaped Values for Transformed ASCII Characters
| Raw ASCII Characters | Returned Escaped Characters |
|---|---|
| & | &amp; |
| " | &quot; |
| < | &lt; |
| > | &gt; |
| ' | &#x27; |
| / | &#x2F; |
Syntax
APEX_ESCAPE.HTML (
p_string IN VARCHAR2 )
return VARCHAR2;
Parameters
Table 18-2 HTML Function Parameters
| Parameter | Description |
|---|---|
| p_string | The string text that is escaped |
Example
This example tests escaping in basic (B) and extended (E) mode.
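DECLARE
    -- Raise an error when the two strings differ.
    PROCEDURE eq(p_str1 IN VARCHAR2, p_str2 IN VARCHAR2)
    IS
    BEGIN
        IF p_str1||'.' <> p_str2||'.' THEN
            raise_application_error(-20001, p_str1||' <> '||p_str2);
        END IF;
    END eq;
BEGIN
    -- Basic mode: behaves like sys.htf.escape_sc, so ' and / are returned unchanged.
    apex_escape.set_html_escaping_mode('B');
    eq(apex_escape.html('hello &"<>''/'), 'hello &amp;&quot;&lt;&gt;''/');
    -- Extended mode: ' and / are escaped as well.
    apex_escape.set_html_escaping_mode('E');
    eq(apex_escape.html('hello &"<>''/'), 'hello &amp;&quot;&lt;&gt;&#x27;&#x2F;');
END;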
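The following block is an added illustration, not part of the original documentation: it escapes one constructed sample value in both modes and prints it in element-body and single-quoted-attribute position, flagging the mode in which the apostrophe is returned raw. It assumes APEX is installed and SERVEROUTPUT is on; the sample value and the show procedure are hypothetical names chosen for this example.

```plsql
DECLARE
    -- Constructed sample value standing in for untrusted input.
    l_value VARCHAR2(100) := 'O''Neil & Sons </td>';
    l_out   VARCHAR2(400);

    -- Escape l_value under the given mode ('B' or 'E') and report the result.
    PROCEDURE show(p_mode IN VARCHAR2)
    IS
    BEGIN
        apex_escape.set_html_escaping_mode(p_mode);
        l_out := apex_escape.html(l_value);

        -- Element body: < and > are escaped in both modes.
        sys.dbms_output.put_line(p_mode || ' body: <td>' || l_out || '</td>');
        -- Single-quoted attribute: safe only if the apostrophe was escaped.
        sys.dbms_output.put_line(p_mode || ' attr: <td title=''' || l_out || '''>');

        IF instr(l_out, '''') > 0 THEN
            sys.dbms_output.put_line(
                p_mode || ': apostrophe returned raw; it would end a single-quoted attribute value');
        END IF;
    END show;
BEGIN
    show('B');
    -- Finish in Extended mode, the default escaping mode.
    show('E');
END;
/
```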