
How to report if input is sanitized with OWASP Java HTML Sanitizer

I see in the API that it's possible but I can't figure out how to use that sanitize() method. There's even a forum post where someone says to use it but they don't explain how. In essence I have no idea what CTX means in that method signature. If someone can provide sample code of how to get a list of items that were sanitized, that would be appreciated.

You need to set up the HtmlChangeListener to catch all elements that are sanitized. The code then looks something like:

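import java.util.ArrayList;
import java.util.List;
import org.owasp.html.HtmlChangeListener;

// CTX is the type of the context object; here it is the list that collects the results.
List<String> results = new ArrayList<String>();

// Explicit type argument: the diamond on an anonymous class needs Java 9 or later.
HtmlChangeListener<List<String>> htmlChangeListener = new HtmlChangeListener<List<String>>()
{
    // Called when the policy drops an element.
    @Override
    public void discardedTag(List<String> context, String elementName)
    {
        context.add(elementName);
    }

    // Called when the policy drops attributes; records the tag they were on.
    @Override
    public void discardedAttributes(List<String> context, String tagName, String... attributeNames)
    {
        context.add(tagName);
    }
};

// POLICY_DEFINITION is your PolicyFactory; results is handed to the listener as its context.
String sanitizedHtml = POLICY_DEFINITION.sanitize(rawHtml, htmlChangeListener, results);
System.out.println("Sanitized elements include: " + String.join(",", results));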
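
The same pattern as a complete class, added here as an example and not part of the original answer or of the OWASP project's code: it shows that CTX can be any caller-defined type and that a stateless listener can be shared across calls. The names SanitizeReport, Report, POLICY and LISTENER, the policy itself and the sample HTML are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class SanitizeReport {
    // CTX can be any type; this hypothetical one keeps tags and attributes apart.
    static final class Report {
        final List<String> tags = new ArrayList<>();
        final List<String> attributes = new ArrayList<>();
        boolean isClean() { return tags.isEmpty() && attributes.isEmpty(); }
    }

    // Example policy (an assumption): a little formatting plus http(s) links.
    static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "b", "i", "a")
            .allowAttributes("href").onElements("a")
            .allowStandardUrlProtocols()
            .toFactory();

    // The listener holds no state, so one instance can serve every request;
    // per-call state lives in the Report passed as the CTX argument.
    static final HtmlChangeListener<Report> LISTENER = new HtmlChangeListener<Report>() {
        @Override
        public void discardedTag(Report ctx, String elementName) {
            ctx.tags.add(elementName);
        }

        @Override
        public void discardedAttributes(Report ctx, String tagName, String... attributeNames) {
            for (String name : attributeNames) {
                ctx.attributes.add(tagName + "@" + name);
            }
        }
    };

    public static void main(String[] args) {
        // Constructed sample input.
        String rawHtml = "<p onclick=\"track()\">Hi <b>there</b><script>alert(1)</script>"
                + "<a href=\"https://example.com\" style=\"color:red\">link</a></p>";
        Report report = new Report();
        String safeHtml = POLICY.sanitize(rawHtml, LISTENER, report);
        System.out.println("Output:        " + safeHtml);
        System.out.println("Dropped tags:  " + report.tags);
        System.out.println("Dropped attrs: " + report.attributes);
        System.out.println("Input clean:   " + report.isClean());
    }
}
```

An empty report means the policy dropped nothing; it does not mean the output is byte-for-byte equal to the input, because the sanitizer also normalizes the markup it emits.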
