org.exoplatform.commons.utils

Class HTMLSanitizer

java.lang.Object

org.exoplatform.commons.utils.HTMLSanitizer

public abstract class HTMLSanitizer
extends Object

Prevent XSS/XEE attacks by encoding user HTML inputs. This class will be used to encode data in in presentation layer.

Version:

$Revision$

Author:

Khemais MENZLI

Field Summary

Fields

Modifier and Type	Field and Description
static com.google.common.base.Function<org.owasp.html.HtmlStreamEventReceiver,org.owasp.html.HtmlSanitizer.Policy>	POLICY_DEFINITION A policy definition that matches the minimal HTML that eXo allows.

Constructor Summary

Constructors

Constructor and Description
HTMLSanitizer()

Method Summary

Modifier and Type	Method and Description
static String	sanitize(String html) This service reads HTML from input forms and writes sanitized content to a StringBuffer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

POLICY_DEFINITION

public static final com.google.common.base.Function<org.owasp.html.HtmlStreamEventReceiver,org.owasp.html.HtmlSanitizer.Policy> POLICY_DEFINITION

A policy definition that matches the minimal HTML that eXo allows.

Constructor Detail

HTMLSanitizer

public HTMLSanitizer()

Method Detail

sanitize

public static String sanitize(String html)
                       throws Exception

This service reads HTML from input forms and writes sanitized content to a StringBuffer

Parameters:

html - The String object

Returns:

The sanitized HTML to store in DB layer

Throws:

Exception