Class HTMLSanitizer
java.lang.Object
de.hybris.platform.acceleratorstorefrontcommons.tags.HTMLSanitizer
This file contains static methods that are used by JSP EL.
-
Field Summary
Fields
Modifier and Type | Field | Description
protected static final org.owasp.html.FilterUrlByProtocolAttributePolicy | URL_POLICY |
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
static String | sanitizeHTML(String untrustedHTML) | JSP EL Function to sanitize unsafe HTML string
static boolean | validateUrlScheme(String dirtyUrl) | Validate input URL scheme against declared URL Policy
-
Field Details
-
URL_POLICY
protected static final org.owasp.html.FilterUrlByProtocolAttributePolicy URL_POLICY
-
-
Constructor Details
-
HTMLSanitizer
public HTMLSanitizer()
-
-
Method Details
-
sanitizeHTML
JSP EL Function to sanitize unsafe HTML string
Parameters:
untrustedHTML - potentially unsafe HTML string
Returns:
safe HTML string with allowed elements only. All other elements that are not specified as allowed are removed.
-
validateUrlScheme
Validate input URL scheme against declared URL Policy
Parameters:
dirtyUrl - the URL that needs to be validated
Returns:
whether the URL is valid or not
-