堆栈内存溢出
  简体   繁体   English

如何使Jsoup白名单接受某些属性内容

[英]How to make a Jsoup whitelist to accept certain attribute content

 原文  2014-03-16 22:50:33       java/ jsoup/ sanitization/ html-sanitizing

问题描述

I'm using Jsoup with relaxed whitelist. 我正在使用Jsoup和轻松的白名单。 It seems perfect but I would like to keep the embedded images tags like <img alt="" src="data:;base64 . 它似乎很完美,但我想保留嵌入式图像标签,如<img alt="" src="data:;base64

Is there a way to modify the whitelist to accept also those img? 有没有办法修改白名单也接受那些img?

Edit : 编辑

If I use Whitelist.relaxed().addProtocols("img","src","data") then those img tags are not removed. 如果我使用Whitelist.relaxed().addProtocols("img","src","data")则不会删除那些img标签。 But it accepts anything after "data:" and I would like just to keep them if src content starts with "data:;base64". 但它接受“data:”之后的任何内容,如果src内容以“data:; base64”开头,我想保留它们。 Is it possible with jsoup? jsoup有可能吗?

1 个解决方案

解决方案1
 9 已采纳  2014-06-30 19:57:11

You can extend Whitelist and override isSafeAttribute to perform custom checks. 您可以扩展Whitelist并覆盖isSafeAttribute以执行自定义检查。 As there's no way to extend Whitelist.relaxed() directly, you'll have to copy some code to set up the same list: 由于无法直接扩展Whitelist.relaxed(),您必须复制一些代码来设置相同的列表: 

public class RelaxedPlusDataBase64Images extends Whitelist {
    public RelaxedPlusDataBase64Images() {
        //copied from Whitelist.relaxed()
        addTags("a", "b", "blockquote", "br", "caption", "cite", "code", "col",
                "colgroup", "dd", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6",
                "i", "img", "li", "ol", "p", "pre", "q", "small", "strike", "strong",
                "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "u",
                "ul");
        addAttributes("a", "href", "title");
        addAttributes("blockquote", "cite");
        addAttributes("col", "span", "width");
        addAttributes("colgroup", "span", "width");
        addAttributes("img", "align", "alt", "height", "src", "title", "width");
        addAttributes("ol", "start", "type");
        addAttributes("q", "cite");
        addAttributes("table", "summary", "width");
        addAttributes("td", "abbr", "axis", "colspan", "rowspan", "width");
        addAttributes("th", "abbr", "axis", "colspan", "rowspan", "scope", "width");
        addAttributes("ul", "type");
        addProtocols("a", "href", "ftp", "http", "https", "mailto");
        addProtocols("blockquote", "cite", "http", "https");
        addProtocols("cite", "cite", "http", "https");
        addProtocols("img", "src", "http", "https");
        addProtocols("q", "cite", "http", "https");
    }

    @Override
    protected boolean isSafeAttribute(String tagName, Element el, Attribute attr) {
        return ("img".equals(tagName)
                && "src".equals(attr.getKey())
                && attr.getValue().startsWith("data:;base64")) ||
            super.isSafeAttribute(tagName, el, attr);
    }
}

As you haven't provided the code you're using to parse or the HTML you're sanitizing, I haven't tested this. 由于您尚未提供用于解析的代码或正在清理的HTML,因此我没有对此进行测试。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获取Jsoup的属性内容? - How to get attribute content Jsoup? 如何获取Jsoup白名单的有效标签列表? - How to get list of valid tags of Jsoup whitelist? 如何配置jsoup白名单以允许内部锚点 - How to configure jsoup whitelist to allow internal anchor 如何在jsoup中提取属性 - How to extract an attribute in jsoup Jsoup WhiteList允许评论 - Jsoup WhiteList to allow comments 如何使用jsoup接收数据属性? - How to receive data attribute with jsoup? 如何使用 Jsoup 过滤掉某些链接 - How to filter out certain links using Jsoup 如何在jsoup中使用选择器语法获取Attribute - How to get Attribute using selector syntax in jsoup 如何使用 Jsoup Java 按属性取值? - How to take value by attribute using Jsoup Java? 如何使用jsoup保留链接标题属性? - How to keep link title attribute with jsoup?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM