@NullUnmarked
final class UrlEscaperTesting {
  /**
   * Helper to assert common expected behaviour of uri escapers. You should call
   * assertBasicUrlEscaper() unless the escaper explicitly does not escape '%'.
   */
  @SuppressWarnings("nullness") // test of a bogus call
  static void assertBasicUrlEscaperExceptPercent(UnicodeEscaper e) {
    // URL escapers should throw null pointer exceptions for null input
    try {
      e.escape((String) null);

@NullUnmarked
final class UrlEscaperTesting {
  /**
   * Helper to assert common expected behaviour of uri escapers. You should call
   * assertBasicUrlEscaper() unless the escaper explicitly does not escape '%'.
   */
  @SuppressWarnings("nullness") // test of a bogus call
  static void assertBasicUrlEscaperExceptPercent(UnicodeEscaper e) {
    // URL escapers should throw null pointer exceptions for null input
    try {
      e.escape((String) null);

   */
  public static Escaper xmlContentEscaper() {
    return XML_CONTENT_ESCAPER;
  }

  /**
   * Returns an {@link Escaper} instance that escapes special characters in a string so it can
   * safely be included in XML document as an attribute value. See section <a
   * href="http://www.w3.org/TR/2008/REC-xml-20081126/#AVNormalize">3.3.3</a> of the XML
   * specification.
   *

    Escaper escaper = Escapers.builder().setSafeRange('a', 'z').build();
    assertThat(escaper.escape("The Quick Brown Fox")).isEqualTo("The Quick Brown Fox");
  }

  public void testBuilderInitialStateNoneUnsafe() {
    // No characters are unsafe by default (safeMin == 0, safeMax == 0xFFFF).
    Escaper escaper = Escapers.builder().setUnsafeReplacement("X").build();

    // Test all escapes
    assertThat(xmlAttributeEscaper.escape("a\"b<c>d&e\"f'"))
        .isEqualTo("a&quot;b&lt;c&gt;d&amp;e&quot;f&apos;");
    // Test '\t', '\n' and '\r' are escaped.
    assertThat(xmlAttributeEscaper.escape("a\tb\nc\rd")).isEqualTo("a&#x9;b&#xA;c&#xD;d");
  }

  // Helper to assert common properties of xml escapers.
  static void assertBasicXmlEscaper(

    // Test all escapes
    assertThat(xmlAttributeEscaper.escape("a\"b<c>d&e\"f'"))
        .isEqualTo("a&quot;b&lt;c&gt;d&amp;e&quot;f&apos;");
    // Test '\t', '\n' and '\r' are escaped.
    assertThat(xmlAttributeEscaper.escape("a\tb\nc\rd")).isEqualTo("a&#x9;b&#xA;c&#xD;d");
  }

  // Helper to assert common properties of xml escapers.
  static void assertBasicXmlEscaper(

 * correctly if you are considering implementing a new escaper you should favor using UnicodeEscaper
 * wherever possible.
 *
 * <p>A {@code UnicodeEscaper} instance is required to be stateless, and safe when used concurrently
 * by multiple threads.
 *
 * <p>Popular escapers are defined as constants in classes like {@link

    }
    return result;
  }

  /**
   * Convert this builder into a char escaper which is just a decorator around the underlying array
   * of replacement char[]s.
   *
   * @return an escaper that escapes based on the underlying array.
   */
  public Escaper toEscaper() {
    return new CharArrayDecorator(toArray());
  }

package org.codelibs.fess.ldap;

/**
 * Utility class for LDAP operations.
 */
public final class LdapUtil {

    private LdapUtil() {
    }

    /**
     * Escapes special characters in a value for use in LDAP search filters.
     * This method escapes characters that have special meaning in LDAP filter expressions
     * to prevent LDAP injection attacks.
     *
     * @param value the value to escape (null is treated as empty string)

    UnicodeEscaper e = (UnicodeEscaper) urlFormParameterEscaper();
    // Verify that these are the same escaper (as documented)
    assertThat(urlFormParameterEscaper()).isSameInstanceAs(e);
    assertBasicUrlEscaper(e);

    /*
     * Specified as safe by RFC 2396 but not by java.net.URLEncoder. These tests will start failing
     * when the escaper is made compliant with RFC 2396, but that's a good thing (just change them
     * to assertUnescaped).