Examples of org.jsoup.safety.Cleaner

org.jsoup.safety.Cleaner
The whitelist based HTML cleaner. Use to ensure that end-user provided HTML contains only the elements and attributes that you are expecting; no junk, and no cross-site scripting attacks!
The HTML cleaner parses the input as HTML and then runs it through a white-list, so the output HTML can only contain HTML that is allowed by the whitelist.
It is assumed that the input HTML is a body fragment; the clean methods only pull from the source's body, and the canned white-lists only allow body contained tags.
Rather than interacting directly with a Cleaner object, generally see the {@code clean} methods in {@link org.jsoup.Jsoup}.


     @see Cleaner#clean(Document)
     */
    public static String clean(String bodyHtml, String baseUri, Whitelist whitelist) {
        Document dirty = parseBodyFragment(bodyHtml, baseUri);
        Cleaner cleaner = new Cleaner(whitelist);
        Document clean = cleaner.clean(dirty);
        return clean.body().html();
    }

View Full Code Here

     @return true if no tags or attributes were removed; false otherwise
     @see #clean(String, org.jsoup.safety.Whitelist) 
     */
    public static boolean isValid(String bodyHtml, Whitelist whitelist) {
        Document dirty = parseBodyFragment(bodyHtml, "");
        Cleaner cleaner = new Cleaner(whitelist);
        return cleaner.isValid(dirty);
    }

View Full Code Here

   private final Cleaner none;


   private final Cleaner relaxed;


   public JSoupXssFilter() {
     none = new Cleaner(Whitelist.none());
     relaxed = new Cleaner(getRelaxedWhiteList());
  }

View Full Code Here

      whitelist.addTags(el.getTagName());
            if(!el.getAttributes().isEmpty()) {
                whitelist.addAttributes(el.getTagName(), el.getAttributes().toArray(new String[el.getAttributes().size()]));
            }
    }
    cleaner = new Cleaner(whitelist);


    if(options.getTables().isLeftAsHtml()) {
      // we need to allow the table nodes to be ignored
      // since they are automatically ignored recursively, this is the only node we worry about.
      options.getIgnoredHtmlElements().add(IgnoredHtmlElement.create("table"));

View Full Code Here


     @see Cleaner#clean(Document)
     */
    public static String clean(String bodyHtml, String baseUri, Whitelist whitelist) {
        Document dirty = parseBodyFragment(bodyHtml, baseUri);
        Cleaner cleaner = new Cleaner(whitelist);
        Document clean = cleaner.clean(dirty);
        return clean.body().html();
    }

View Full Code Here

     * @return safe HTML (body fragment)
     * @see Cleaner#clean(Document)
     */
    public static String clean(String bodyHtml, String baseUri, Whitelist whitelist, Document.OutputSettings outputSettings) {
        Document dirty = parseBodyFragment(bodyHtml, baseUri);
        Cleaner cleaner = new Cleaner(whitelist);
        Document clean = cleaner.clean(dirty);
        clean.outputSettings(outputSettings);
        return clean.body().html();
    }

View Full Code Here

     @return true if no tags or attributes were removed; false otherwise
     @see #clean(String, org.jsoup.safety.Whitelist) 
     */
    public static boolean isValid(String bodyHtml, Whitelist whitelist) {
        Document dirty = parseBodyFragment(bodyHtml, "");
        Cleaner cleaner = new Cleaner(whitelist);
        return cleaner.isValid(dirty);
    }

View Full Code Here

  public static String handleContent(String content, String baseUri, boolean keepTextOnly) {
    if (StringUtils.isNotBlank(content)) {
      baseUri = StringUtils.trimToEmpty(baseUri);


      Document dirty = Jsoup.parseBodyFragment(content, baseUri);
      Cleaner cleaner = new Cleaner(WHITELIST);
      Document clean = cleaner.clean(dirty);


      for (Element e : clean.select("iframe[style]")) {
        String style = e.attr("style");
        String escaped = escapeIFrameCss(style);
        e.attr("style", escaped);

View Full Code Here

  public boolean isValid(CharSequence value, ConstraintValidatorContext context) {
    if ( value == null ) {
      return true;
    }


    return new Cleaner( whitelist ).isValid( getFragmentAsDocument( value ) );
  }

View Full Code Here

  public boolean isValid(CharSequence value, ConstraintValidatorContext context) {
    if ( value == null ) {
      return true;
    }


    return new Cleaner( whitelist ).isValid( getFragmentAsDocument( value ) );
  }

View Full Code Here

TOP

Related Classes of org.jsoup.safety.Cleaner

com.commafeed.backend.feed.FeedUtils

com.gitblit.utils.JSoupXssFilter

com.overzealous.remark.Remark

org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator

org.hibernate.validator.internal.constraintvalidators.SafeHtmlValidator

org.jsoup.Jsoup

org.jsoup.select.NodeTraversor

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.