java.lang.Object
de.hybris.platform.acceleratorstorefrontcommons.tags.HTMLSanitizer

public class HTMLSanitizer extends Object
This file contains static methods that are used by JSP EL.
  • Field Details

    • URL_POLICY

      protected static final org.owasp.html.FilterUrlByProtocolAttributePolicy URL_POLICY
  • Constructor Details

    • HTMLSanitizer

      public HTMLSanitizer()
  • Method Details

    • sanitizeHTML

      public static String sanitizeHTML(String untrustedHTML)
      JSP EL Function to sanitize unsafe HTML string
      Parameters:
      untrustedHTML - potentially unsafe HTML string
      Returns:
      safe HTML string with allowed elements only. All other elements that are not specified as allowed are removed.
    • validateUrlScheme

      public static boolean validateUrlScheme(String dirtyUrl)
      Validate input URL scheme against declared URL Policy
      Parameters:
      dirtyUrl - the URL that needs to be validated
      Returns:
      whether the URL is valid or not
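
An added sketch, not the hybris implementation, of how the two methods above can be built on the OWASP Java HTML Sanitizer classes this page references. The class name `SanitizerSketch`, the method names, and the element, attribute and scheme allowlists are assumptions, since the page does not list what the real policy permits.

```java
import java.util.Arrays;
import org.owasp.html.FilterUrlByProtocolAttributePolicy;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class SanitizerSketch {
    // Assumed scheme allowlist; the real URL_POLICY's schemes are not shown on this page.
    static final FilterUrlByProtocolAttributePolicy URL_POLICY =
            new FilterUrlByProtocolAttributePolicy(Arrays.asList("http", "https"));

    // Assumed element/attribute allowlist. Anything not named here is dropped.
    static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "b", "i", "a")
            .allowUrlProtocols("http", "https")
            .allowAttributes("href").onElements("a")
            .toFactory();

    // Counterpart of sanitizeHTML: returns markup containing allowed elements only.
    static String sanitize(String untrustedHTML) {
        return untrustedHTML == null ? "" : POLICY.sanitize(untrustedHTML);
    }

    // Counterpart of validateUrlScheme: apply() returns null when the scheme is rejected.
    // URLs with no scheme at all (relative paths) are accepted by this policy class,
    // so callers that require absolute URLs need a separate check.
    static boolean urlSchemeAllowed(String dirtyUrl) {
        return dirtyUrl != null && URL_POLICY.apply("a", "href", dirtyUrl) != null;
    }

    public static void main(String[] args) {
        // Constructed sample input: an event handler, a script element and a
        // javascript: link mixed in with allowed markup.
        String input = "<p onclick=\"x()\">Hi <b>there</b><script>alert(1)</script>"
                + "<a href=\"javascript:alert(1)\">link</a></p>";
        System.out.println(sanitize(input));

        System.out.println(urlSchemeAllowed("https://example.com/cart"));
        System.out.println(urlSchemeAllowed("javascript:alert(1)"));
        System.out.println(urlSchemeAllowed("/cart/checkout"));
    }
}
```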