Class HTMLSanitizer


  • public class HTMLSanitizer
    extends java.lang.Object
    This class contains static methods that are exposed as JSP EL functions.
    • Field Summary

      Fields
        protected static org.owasp.html.FilterUrlByProtocolAttributePolicy URL_POLICY
    • Constructor Summary

      Constructors 
      Constructor Description
      HTMLSanitizer()  
    • Method Summary

      All Methods, Static Methods, Concrete Methods
        static java.lang.String sanitizeHTML(java.lang.String untrustedHTML)
          JSP EL function to sanitize an unsafe HTML string
        static boolean validateUrlScheme(java.lang.String dirtyUrl)
          Validate the input URL's scheme against the declared URL policy
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • URL_POLICY

        protected static final org.owasp.html.FilterUrlByProtocolAttributePolicy URL_POLICY
    • Constructor Detail

      • HTMLSanitizer

        public HTMLSanitizer()
    • Method Detail

      • sanitizeHTML

        public static java.lang.String sanitizeHTML(java.lang.String untrustedHTML)
        JSP EL function to sanitize an unsafe HTML string
        Parameters:
        untrustedHTML - potentially unsafe HTML string
        Returns:
        safe HTML string containing allowed elements only; every element not explicitly allowed is removed.
      • validateUrlScheme

        public static boolean validateUrlScheme(java.lang.String dirtyUrl)
        Validate the input URL's scheme against the declared URL policy (URL_POLICY)
        Parameters:
        dirtyUrl - the URL whose scheme needs to be validated
        Returns:
        whether the URL's scheme is allowed by the policy
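The two methods as they could be implemented on top of the OWASP Java HTML Sanitizer, the library that URL_POLICY's type comes from. This is an added example, not this class's own source: the element allow-list, the http/https protocol set and the class name HtmlSanitizerExample are assumptions.

```java
import java.util.Arrays;
import org.owasp.html.FilterUrlByProtocolAttributePolicy;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public final class HtmlSanitizerExample {

    // Assumed policy: only http and https URLs pass; javascript:, data: and
    // any other scheme are rejected (apply() returns null for them).
    protected static final FilterUrlByProtocolAttributePolicy URL_POLICY =
        new FilterUrlByProtocolAttributePolicy(Arrays.asList("http", "https"));

    // Assumed allow-list. The sanitizer is deny-by-default: elements and
    // attributes not named here are stripped, not escaped.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
        .allowElements("p", "b", "i", "em", "strong", "ul", "ol", "li", "a")
        .allowAttributes("href").onElements("a")
        .allowUrlProtocols("http", "https")
        .requireRelNofollowOnLinks()
        .toFactory();

    // JSP EL function: returns markup containing allowed elements only.
    public static String sanitizeHTML(String untrustedHTML) {
        if (untrustedHTML == null) {
            return "";
        }
        return POLICY.sanitize(untrustedHTML);
    }

    // JSP EL function: true only if the URL's scheme is accepted by URL_POLICY.
    // The element/attribute names are what the policy would see on an <a href>.
    public static boolean validateUrlScheme(String dirtyUrl) {
        if (dirtyUrl == null) {
            return false;
        }
        return URL_POLICY.apply("a", "href", dirtyUrl) != null;
    }

    public static void main(String[] args) {
        // Constructed inputs: a script element, an event-handler attribute and
        // a non-http link are all removed; the paragraph text survives.
        String dirty = "<p onclick=\"x()\">Hello <script>x()</script>"
                     + "<a href=\"javascript:x()\">link</a></p>";
        System.out.println(sanitizeHTML(dirty));
        System.out.println(validateUrlScheme("https://example.org/page"));
        System.out.println(validateUrlScheme("javascript:x()"));
    }
}
```

Validation with validateUrlScheme is a check on a single attribute value; it does not replace running the whole fragment through sanitizeHTML before rendering.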