Many classes allow inclusion of escape sequences in character and string literals; examples include java.util.regex.Pattern as well as classes that support XML- and SQL-based actions by passing string arguments to methods. According to the Java Language Specification [JLS 2011], Section 3.10.6, "Escape Sequences for Character and String Literals"
The character and string escape sequences allow for the representation of some nongraphic characters as well as the single quote, double quote, and backslash characters in character literals (§3.10.4) and string literals (§3.10.5).
Correct use of escape sequences in string literals requires understanding of how the escape sequences are interpreted by the Java compiler. SQL statements written in Java, for example, sometimes require certain escape characters or sequences (e.g., sequences containing \t, \n, \r). When representing SQL queries in Java string form, all escape sequences must be preceded by an extra backslash for correct interpretation.
As another example, consider the Pattern class used in performing regular expression-related tasks. A string literal used for pattern matching is compiled into an instance of the Pattern type. When the pattern to be matched contains a sequence of characters identical to one of the Java escape sequences — "\" and "n", for example — the Java compiler treats that portion of the string as a Java escape sequence and transforms the sequence into an actual newline character. To insert the newline escape sequence, rather than a literal newline character, the programmer must precede the "\n" sequence with an additional backslash to prevent the Java compiler from replacing it with a newline character. The string constructed from the resulting sequence
\\n
consequently contains the correct two-character sequence \n and correctly denotes the escape sequence for newline in the pattern.
In general, for a particular escape character of the form \X, the equivalent Java representation is
\\X
Noncompliant Code Example
This noncompliant code example defines a method splitWords() that finds matches between the string literal {{WORDS}} and the input sequence. It is expected that WORDS would hold the escape sequence for matching a word boundary. However, the Java compiler treats the "\b" as a Java escape sequence, and the string WORDS silently compiles to a backspace character.
public class BadSplitter {
private final String WORDS = "\b"; // Fails to split on word boundaries
public String[] splitWords(String input){
Pattern pattern = Pattern.compile(WORDS);
String[] input_array = pattern.split(input);
return input_array;
}
}
Compliant Solution
This compliant solution shows the correctly escaped value of the string literal WORDS that results in a regular expression designed to split on word boundaries.
public class GoodSplitter {
private final String WORDS = "\\b"; // Allows splitting on word boundaries
public String[] split(String input){
Pattern pattern = Pattern.compile(WORDS);
String[] input_array = pattern.split(input);
return input_array;
}
}
Applicability
Incorrect use of escape characters in string literals can result in misinterpretation and potential corruption of data.
Bibliography
[API 2011] Class Pattern "Backslashes, escapes, and quoting"
[API 2011] Package java.sql
[JLS 2011] §3.10.6, Escape Sequences for Character and String Literals