Example usage for org.jsoup.safety Whitelist addTags

List of usage examples for org.jsoup.safety Whitelist addTags

  1. HOME
  2. Java
  3. org.jsoup
  4. org.jsoup.safety.*
  5. Whitelist
  6. addTags

Introduction

In this page you can find the example usage for org.jsoup.safety Whitelist addTags.

Prototype

public Whitelist addTags(String... tags)

Source Link

Document

Add a list of allowed elements to a whitelist.

Usage

From source file:net.duckling.falcon.xss.JSONConfig.java

private static void addTags(Whitelist whitelist, JSONObject config) {
    JSONObject whiteListJson = (JSONObject) config.get("whiteList");
    for (String tagname : whiteListJson.keySet()) {
        whitelist.addTags(tagname);
        JSONArray attributes = (JSONArray) whiteListJson.get(tagname);
        for (Object attribute : attributes) {
            whitelist.addAttributes(tagname, (String) attribute);
        }/* w w  w . j  a v a  2 s. c  o  m*/
    }
}

From source file:org.eclipse.skalli.commons.HtmlUtils.java

/**
 * Returns a {@link Whitelist whitelist} of HTML tags and attributes that can safely be used
 * when rendering HTML/JSP pages. Use the returned whitelist with {@link JSoup}.
 *///from w ww  .  j a  v  a  2s.  c o m
@SuppressWarnings("nls")
public static Whitelist getWhiteList() {
    Whitelist whitelist = new Whitelist();
    whitelist.addTags(ALLOWED_TAGS).addAttributes("a", "href", "target", "name", "title", "rel")
            .addAttributes("ul", "type").addAttributes("ol", "start", "type").addAttributes("li", "value")
            .addAttributes("blockquote", "cite").addAttributes("q", "cite")
            .addProtocols("a", "href", "http", "https", "mailto")
            .addProtocols("blockquote", "cite", "http", "https").addProtocols("cite", "cite", "http", "https")
            .addProtocols("q", "cite", "http", "https");
    return whitelist;
}

From source file:org.finra.herd.core.HerdStringUtils.java

/**
 * Strips HTML tags from a given input String, allows some tags to be retained via a whitelist
 *
 * @param fragment the specified String//w ww .j a  v a2 s.  c  om
 * @param whitelistTags the specified whitelist tags
 *
 * @return cleaned String with allowed tags
 */
public static String stripHtml(String fragment, String... whitelistTags) {

    // Parse out html tags except those from a given list of whitelist tags
    Document dirty = Jsoup.parseBodyFragment(fragment);

    Whitelist whitelist = new Whitelist();

    for (String whitelistTag : whitelistTags) {
        // Get the actual tag name from the whitelist tag
        // this is vulnerable in general to complex tags but will suffice for our simple needs
        whitelistTag = StringUtils.removePattern(whitelistTag, "[^\\{IsAlphabetic}]");

        // Add all specified tags to the whitelist while preserving inline css
        whitelist.addTags(whitelistTag).addAttributes(whitelistTag, "class");
    }

    Cleaner cleaner = new Cleaner(whitelist);
    Document clean = cleaner.clean(dirty);
    // Set character encoding to UTF-8 and make sure no line-breaks are added
    clean.outputSettings().escapeMode(Entities.EscapeMode.base).charset(StandardCharsets.UTF_8)
            .prettyPrint(false);

    // return 'cleaned' html body
    return clean.body().html();
}