Class HTMLSanitizer

java.lang.Object
org.exoplatform.commons.utils.HTMLSanitizer

public abstract class HTMLSanitizer extends Object
Prevents XSS/XEE attacks by encoding user HTML inputs. This class is used to encode data in the presentation layer.
  • Field Summary

    Fields
    Modifier and Type: static final Function<org.owasp.html.HtmlStreamEventReceiver,org.owasp.html.HtmlSanitizer.Policy>
    Field: POLICY_DEFINITION
    Description: A policy definition that matches the minimal HTML that eXo allows.
  • Constructor Summary

    Constructors
    Constructor: HTMLSanitizer()
    Description: (none)
  • Method Summary

    Modifier and Type: static String
    Method: sanitize(String html)
    Description: This service reads HTML from input forms and writes sanitized content to a StringBuffer.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • POLICY_DEFINITION

      public static final Function<org.owasp.html.HtmlStreamEventReceiver,org.owasp.html.HtmlSanitizer.Policy> POLICY_DEFINITION
      A policy definition that matches the minimal HTML that eXo allows.
  • Constructor Details

    • HTMLSanitizer

      public HTMLSanitizer()
  • Method Details

    • sanitize

      public static String sanitize(String html)
      This service reads HTML from input forms and writes sanitized content to a StringBuffer.
      Parameters:
      html - The String object containing the HTML to sanitize
      Returns:
      The sanitized HTML to store in DB layer
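
The contract documented above (a Function<HtmlStreamEventReceiver, HtmlSanitizer.Policy> policy plus a static sanitize(String) that renders into a buffer), as an added example of how such a class is typically wired over the OWASP Java HTML Sanitizer. This is not eXo's code: the class name, the allow-list and the sample input are constructed assumptions, not the real POLICY_DEFINITION.

```java
import com.google.common.base.Function;
import org.owasp.html.Handler;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.HtmlSanitizer;
import org.owasp.html.HtmlStreamEventReceiver;
import org.owasp.html.HtmlStreamRenderer;

public final class MinimalHtmlSanitizerExample {

    // Constructed allow-list (NOT eXo's real POLICY_DEFINITION): a few inline
    // formatting tags plus https links. HtmlPolicyBuilder.toFactory() returns a
    // PolicyFactory, which implements the same Function<HtmlStreamEventReceiver,
    // HtmlSanitizer.Policy> type that the documented field has.
    static final Function<HtmlStreamEventReceiver, HtmlSanitizer.Policy> POLICY_DEFINITION =
        new HtmlPolicyBuilder()
            .allowElements("p", "b", "i", "em", "strong", "a")
            .allowUrlProtocols("https")
            .allowAttributes("href").onElements("a")
            .requireRelNofollowOnLinks()
            .toFactory();

    // Mirrors the documented contract: read untrusted HTML from a form field,
    // write the sanitized result into a buffer, return it as a String.
    public static String sanitize(String html) {
        if (html == null) {
            return "";
        }
        StringBuilder out = new StringBuilder();
        // The renderer is the HtmlStreamEventReceiver that the policy wraps;
        // disallowed or malformed markup is dropped silently (Handler.DO_NOTHING).
        HtmlStreamRenderer renderer = HtmlStreamRenderer.create(out, Handler.DO_NOTHING);
        HtmlSanitizer.sanitize(html, POLICY_DEFINITION.apply(renderer));
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input, shaped like a submitted form field.
        String untrusted = "<p onclick=\"run()\">Hi <b>there</b>"
            + "<script>x()</script>"
            + "<a href=\"javascript:y()\">x</a>"
            + "<a href=\"https://example.com\">ok</a></p>";
        System.out.println(sanitize(untrusted));
        // The event handler, the <script> element and the javascript: href are
        // removed; the https link keeps its href and gains rel="nofollow".
    }
}
```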