List of usage examples for org.jsoup.safety Whitelist addTags
public Whitelist addTags(String... tags)
From source file:net.duckling.falcon.xss.JSONConfig.java
/**
 * Copies the tag/attribute allowlist described by the {@code "whiteList"} entry of
 * {@code config} into the given jsoup {@link Whitelist}.
 *
 * <p>Every key of the {@code "whiteList"} object is registered as an allowed tag, and every
 * element of the array stored under that key is registered as an allowed attribute of the tag.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The configuration is the sanitizer policy: whatever it lists survives cleaning. A tag
 *       such as {@code script} or an event-handler attribute placed in it would be let through
 *       unchanged, so review the configuration like code.
 *       NOTE(review): confirm that {@code config} is loaded from a trusted, integrity-protected
 *       source.</li>
 *   <li>This method never calls {@code addProtocols}. jsoup only checks URL schemes for
 *       attributes registered that way, so URL-bearing attributes listed in the configuration
 *       ({@code href}, {@code src}, ...) are not scheme-restricted by this method.</li>
 * </ul>
 *
 * @param whitelist the whitelist to extend; modified in place
 * @param config configuration holding a {@code "whiteList"} object; if the entry is absent and
 *     {@code get} returns {@code null}, the key iteration below fails with a
 *     {@link NullPointerException}
 */
private static void addTags(Whitelist whitelist, JSONObject config) {
    JSONObject allowedByTag = (JSONObject) config.get("whiteList");
    for (String tag : allowedByTag.keySet()) {
        // Register the tag first, then its attributes one at a time.
        whitelist.addTags(tag);
        JSONArray allowedAttributes = (JSONArray) allowedByTag.get(tag);
        for (Object attributeName : allowedAttributes) {
            whitelist.addAttributes(tag, (String) attributeName);
        }
    }
}
From source file:org.eclipse.skalli.commons.HtmlUtils.java
/** * Returns a {@link Whitelist whitelist} of HTML tags and attributes that can safely be used * when rendering HTML/JSP pages. Use the returned whitelist with {@link JSoup}. *///from w ww . j a v a 2s. c o m @SuppressWarnings("nls") public static Whitelist getWhiteList() { Whitelist whitelist = new Whitelist(); whitelist.addTags(ALLOWED_TAGS).addAttributes("a", "href", "target", "name", "title", "rel") .addAttributes("ul", "type").addAttributes("ol", "start", "type").addAttributes("li", "value") .addAttributes("blockquote", "cite").addAttributes("q", "cite") .addProtocols("a", "href", "http", "https", "mailto") .addProtocols("blockquote", "cite", "http", "https").addProtocols("cite", "cite", "http", "https") .addProtocols("q", "cite", "http", "https"); return whitelist; }
From source file:org.finra.herd.core.HerdStringUtils.java
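/**
 * Strips HTML markup from the given string, keeping only the tags named in the whitelist.
 *
 * <p>Each whitelist entry is reduced to its alphabetic characters before use, so {@code "<b>"},
 * {@code "</b>"} and {@code "b"} all name the tag {@code b}. A kept tag retains at most its
 * {@code class} attribute; every other attribute is removed.
 *
 * <p>Limitations and security notes:
 * <ul>
 *   <li>Digits and punctuation are dropped from the entry, so {@code "h1"} is reduced to
 *       {@code "h"} and an entry that carries attributes collapses into one run of letters.
 *       Pass plain, letter-only tag names.</li>
 *   <li>The whitelist entries define what survives cleaning. They should be fixed values chosen
 *       by the calling code, not values taken from the content being cleaned.</li>
 *   <li>The result is still HTML and is only suitable for insertion into an HTML body
 *       context.</li>
 * </ul>
 *
 * @param fragment the HTML body fragment to clean
 * @param whitelistTags the tags to keep; an entry without any alphabetic character yields an
 *     empty tag name, which jsoup rejects
 * @return the cleaned body HTML containing only the allowed tags
 */
public static String stripHtml(String fragment, String... whitelistTags) {
    // Parse the input as a body fragment so that the cleaner works on a DOM, not on raw text.
    Document dirty = Jsoup.parseBodyFragment(fragment);

    Whitelist whitelist = new Whitelist();
    for (String whitelistTag : whitelistTags) {
        // Reduce the entry to the bare tag name. The character class must use the Unicode
        // property escape \p{IsAlphabetic}; the earlier pattern "[^\\{IsAlphabetic}]" lacked the
        // 'p' and therefore kept only the literal characters { } I s A l p h a b e t i c, which
        // turned e.g. "div" into "i" and "nav" into "a" and allowed the wrong tag.
        String tagName = StringUtils.removePattern(whitelistTag, "[^\\p{IsAlphabetic}]");

        // Allow the tag and let it keep its CSS class attribute; nothing else is retained.
        whitelist.addTags(tagName).addAttributes(tagName, "class");
    }

    Cleaner cleaner = new Cleaner(whitelist);
    Document clean = cleaner.clean(dirty);

    // Emit UTF-8 with the base entity escape mode, and do not let pretty-printing add line breaks.
    clean.outputSettings().escapeMode(Entities.EscapeMode.base).charset(StandardCharsets.UTF_8)
        .prettyPrint(false);

    // Only the body's inner HTML is returned, not the synthetic html/head/body wrapper.
    return clean.body().html();
}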