18.2 HTML Function
This function escapes characters which can change the context in an HTML environment. It is an extended version of the well-known sys.htf.escape_sc.
The function's result depends on the escaping mode that is defined by using apex_escape.set_html_escaping_mode. By default, the escaping mode is Extended, but it can be overridden by manually calling set_html_escaping_mode or by setting the application security attribute HTML Escaping Mode to Basic. If the mode is Basic, the function behaves like sys.htf.escape_sc. Otherwise, the rules below apply.
Table 18-1 lists the ASCII characters that the function transforms and their escaped values:
Table 18-1 Escaped Values for Transformed ASCII Characters
Raw ASCII Characters | Returned Escaped Characters |
---|---|
& | &amp; |
" | &quot; |
< | &lt; |
> | &gt; |
' | &#x27; |
/ | &#x2F; |
Syntax
APEX_ESCAPE.HTML (
    p_string IN VARCHAR2 )
    RETURN VARCHAR2;
Parameters
Table 18-2 HTML Function Parameters
Parameter | Description |
---|---|
p_string | The string text that is escaped. |
Example
This example tests escaping in basic (B) and extended (E) mode.
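DECLARE
    -- Raise an error when the two strings differ. Appending '.' keeps a NULL
    -- argument from turning the comparison itself into NULL.
    PROCEDURE eq(p_str1 IN VARCHAR2, p_str2 IN VARCHAR2)
    IS
    BEGIN
        IF p_str1||'.' <> p_str2||'.' THEN
            raise_application_error(-20001, p_str1||' <> '||p_str2);
        END IF;
    END eq;
BEGIN
    -- Basic mode: only &, ", < and > are escaped, as with sys.htf.escape_sc.
    apex_escape.set_html_escaping_mode('B');
    eq(apex_escape.html('hello &"<>''/'), 'hello &amp;&quot;&lt;&gt;''/');
    -- Extended mode: ' and / are escaped as well.
    apex_escape.set_html_escaping_mode('E');
    eq(apex_escape.html('hello &"<>''/'), 'hello &amp;&quot;&lt;&gt;&#x27;&#x2F;');
END;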
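The difference between the two modes matters most when escaped text is placed inside a single-quoted attribute value. The block below is an added example, not part of the original documentation; the input string, the markup, and the helper render are constructed for illustration, and it assumes a schema where APEX_ESCAPE is available.

```plsql
DECLARE
    -- Constructed sample input containing single quotes (not from the page).
    c_input    CONSTANT VARCHAR2(100) := 'x'' data-note=''y';
    l_basic    VARCHAR2(4000);
    l_extended VARCHAR2(4000);

    -- Hypothetical helper: escape c_input in the given mode ('B' or 'E') and
    -- place the result inside a single-quoted attribute value.
    FUNCTION render(p_mode IN VARCHAR2) RETURN VARCHAR2
    IS
    BEGIN
        apex_escape.set_html_escaping_mode(p_mode);
        RETURN '<input value=''' || apex_escape.html(c_input) || '''>';
    END render;
BEGIN
    l_basic    := render('B');
    l_extended := render('E');   -- also leaves the session in Extended mode

    -- Basic mode leaves ' untouched, so the raw input appears verbatim and its
    -- first quote ends the attribute value early.
    IF INSTR(l_basic, c_input) = 0 THEN
        raise_application_error(-20001, 'Basic mode escaped the quote: ' || l_basic);
    END IF;

    -- Extended mode turns every ' in the input into &#x27;, so the only raw
    -- quotes left are the two delimiters written by render.
    IF l_extended <> '<input value=''x&#x27; data-note=&#x27;y''>' THEN
        raise_application_error(-20002, 'Unexpected output: ' || l_extended);
    END IF;

    sys.dbms_output.put_line('B: ' || l_basic);
    sys.dbms_output.put_line('E: ' || l_extended);
END;
```

For values written into attributes, APEX_ESCAPE also provides the HTML_ATTRIBUTE function.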