[英]Java - Owasp Html Sanitizer shows double noopener noreferrer for url
我在String中有一個網址,如下所示:
"<a style=\"color: #800000; background-color: #ffcc00;\" title=\"Test12\" href=\"http://www.google.com\" target=\"_blank\" rel=\"noopener noreferrer\">www.google.com</a>"
消毒后,我的String變成:
"<a style="color: #800000; background-color: #ffcc00;" title="Test12" href="http://www.google.com" target="_blank" rel="noopener noreferrer noopener noreferrer">www.google.com</a>"
請注意,在rel屬性中,它具有noopener noreferrer noopener noreferrer的兩倍
String [] allowElements = {"b", "i", "font", "s", "u", "o", "sup", "sub", "ins", "del", "strong", "strike", "tt",
"code", "big", "small", "br", "span", "em", "li", "ul", "ol", "a", "p", "target"};
String [] allowAttributes = {"style", "href", "target", "rel", "title", "_blank"};
PolicyFactory policy = new HtmlPolicyBuilder().allowUrlProtocols("http", "https")
.allowElements(allowElements)
.allowAttributes(allowAttributes)
.onElements(allowElements)
.toFactory();
final String sanitized = policy.sanitize(value);
System.err.println(sanitized);
這是為什么?
您可以使用新的HtmlPolicyBuilder()。skipRelsOnLinks(“ noopener”,“ noreferrer”),它會拒絕將某些DEFAULT_RELS_ON_TARGETTED_LINKS添加到鏈接中。
注意:DEFAULT_RELS_ON_TARGETTED_LINKS = ImmutableSet.of(“ noopener”,“ noreferrer”);
更多詳細信息在這里: https : //github.com/OWASP/java-html-sanitizer/blob/master/src/main/java/org/owasp/html/HtmlPolicyBuilder.java
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.