
How to report if input is sanitized with OWASP Java HTML Sanitizer

I see in the API that it's possible, but I can't figure out how to use that sanitize() method. There's even a forum post where someone says to use it, but they don't explain how. In essence, I have no idea what CTX means in that method signature. If someone can provide sample code of how to get a list of items that were sanitized, that would be appreciated.

You need to set up the HtmlChangeListener to catch all elements that are sanitized. The code then looks something like:

import java.util.ArrayList;
import java.util.List;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

// Any PolicyFactory will do; this prebuilt one allows only basic formatting tags.
PolicyFactory POLICY_DEFINITION = Sanitizers.FORMATTING;
// Constructed sample input for illustration.
String rawHtml = "<b onclick=\"x()\">hi</b><script>alert(1)</script>";

// CTX is simply whatever object you pass as the third argument of sanitize();
// the sanitizer hands it back to you in every callback. Here it is the results list.
List<String> results = new ArrayList<String>();

HtmlChangeListener<List<String>> htmlChangeListener = new HtmlChangeListener<List<String>>()
{
    @Override
    public void discardedTag(List<String> context, String elementName)
    {
        // Called once for each element the policy removed.
        context.add(elementName);
    }

    @Override
    public void discardedAttributes(List<String> context, String tagName, String... attributeNames)
    {
        // Called when attributes are stripped from an element that was kept;
        // attributeNames holds the names of the stripped attributes.
        context.add(tagName);
    }
};

String sanitizedHtml = POLICY_DEFINITION.sanitize(rawHtml, htmlChangeListener, results);
System.out.println("Sanitized elements include: " + String.join(",", results));
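As an added example (not from the original answer or the OWASP project), here is a complete program that uses a small report object as the CTX type, so dropped tags and dropped attributes are recorded separately and the report can be inspected by the caller. The policy, the class names and the sample HTML are constructed for this illustration:

```java
import java.util.ArrayList;
import java.util.List;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class SanitizeReport {

    // CTX: the caller-supplied object threaded through every listener callback.
    // This report keeps dropped tags and dropped attributes apart.
    static final class Report {
        final List<String> droppedTags = new ArrayList<>();
        final List<String> droppedAttributes = new ArrayList<>();
        String cleanHtml;
    }

    // Allow-list policy: paragraphs, bold text and links with standard URL schemes only.
    static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "b", "a")
            .allowAttributes("href").onElements("a")
            .allowStandardUrlProtocols()
            .toFactory();

    static final HtmlChangeListener<Report> LISTENER = new HtmlChangeListener<Report>() {
        @Override
        public void discardedTag(Report ctx, String elementName) {
            ctx.droppedTags.add(elementName);
        }

        @Override
        public void discardedAttributes(Report ctx, String tagName, String... attributeNames) {
            for (String attr : attributeNames) {
                ctx.droppedAttributes.add(tagName + "@" + attr);
            }
        }
    };

    // Sanitize and return the report; the clean markup rides along in the report.
    static Report sanitizeWithReport(String rawHtml) {
        Report report = new Report();
        report.cleanHtml = POLICY.sanitize(rawHtml, LISTENER, report);
        return report;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from any real page.
        String raw = "<p onclick=\"x()\">Hi <script>alert(1)</script>"
                + "<a href=\"javascript:void(0)\" target=\"_blank\">link</a></p>";
        Report r = sanitizeWithReport(raw);
        System.out.println("Clean HTML: " + r.cleanHtml);
        System.out.println("Dropped tags: " + r.droppedTags);
        System.out.println("Dropped attributes: " + r.droppedAttributes);
    }
}
```

The report is the place to hook logging or metrics: a spike in dropped script tags or event-handler attributes from one source is a useful signal that someone is probing the input.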
