Examples of org.jsoup.safety.Whitelist

• org.jsoup.safety.Whitelist
  ers.org/xss.html for some XSS attack examples. @author Jonathan Hedley

   *
   * https://github.com/github/markup/tree/master#html-sanitization
   * @return a loose HTML whitelist
   */
  protected Whitelist getRelaxedWhiteList() {
    return new Whitelist()
        .addTags(
                "a", "b", "blockquote", "br", "caption", "cite", "code", "col",
                "colgroup", "dd", "del", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6", "hr",
                "i", "img", "ins", "kbd", "li", "ol", "p", "pre", "q", "samp", "small", "strike", "strong",
                "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "u",

   *
   * @param options Specified options to use on this instance.  See the docs for the Options class for common options sets.
   */
  public Remark(Options options) {
    this.options = options.getCopy();
    Whitelist whitelist = Whitelist.basicWithImages()
                    .addTags("div",
                                              "h1", "h2", "h3", "h4", "h5", "h6",
                                              "table", "tbody", "td", "tfoot", "th", "thead", "tr",
                                              "hr",
                                              "span", "font")
                    .addAttributes("th", "colspan", "align", "style")
                    .addAttributes("td", "colspan", "align", "style")
                    .addAttributes(":all", "title", "style");
        if(options.preserveRelativeLinks) {
            whitelist.preserveRelativeLinks(true);
        }
    if(options.abbreviations) {
      whitelist.addTags("abbr", "acronym");
    }
    if(options.headerIds) {
      for(int i=1; i<=6; i++) {
        whitelist.addAttributes("h"+i, "id");
      }
    }
    for(final IgnoredHtmlElement el : options.getIgnoredHtmlElements()) {
      whitelist.addTags(el.getTagName());
            if(!el.getAttributes().isEmpty()) {
                whitelist.addAttributes(el.getTagName(), el.getAttributes().toArray(new String[el.getAttributes().size()]));
            }
    }
    cleaner = new Cleaner(whitelist);

    if(options.getTables().isLeftAsHtml()) {

    return Jsoup.clean(html, Whitelist.relaxed());
  }

  //只允许指定的html标签
  public static String clearTags(String html, String ...tags) {
    Whitelist wl = new Whitelist();
    return Jsoup.clean(html, wl.addTags(tags));
  }

    }
    return string;
  }

  private static synchronized Whitelist buildWhiteList() {
    Whitelist whitelist = new Whitelist();
    whitelist.addTags("a", "b", "blockquote", "br", "caption", "cite", "code", "col", "colgroup", "dd", "div", "dl", "dt", "em", "h1",
        "h2", "h3", "h4", "h5", "h6", "i", "iframe", "img", "li", "ol", "p", "pre", "q", "small", "strike", "strong", "sub", "sup",
        "table", "tbody", "td", "tfoot", "th", "thead", "tr", "u", "ul");

    whitelist.addAttributes("div", "dir");
    whitelist.addAttributes("pre", "dir");
    whitelist.addAttributes("code", "dir");
    whitelist.addAttributes("table", "dir");
    whitelist.addAttributes("p", "dir");
    whitelist.addAttributes("a", "href", "title");
    whitelist.addAttributes("blockquote", "cite");
    whitelist.addAttributes("col", "span", "width");
    whitelist.addAttributes("colgroup", "span", "width");
    whitelist.addAttributes("iframe", "src", "height", "width", "allowfullscreen", "frameborder", "style");
    whitelist.addAttributes("img", "align", "alt", "height", "src", "title", "width", "style");
    whitelist.addAttributes("ol", "start", "type");
    whitelist.addAttributes("q", "cite");
    whitelist.addAttributes("table", "border", "bordercolor", "summary", "width");
    whitelist.addAttributes("td", "border", "bordercolor", "abbr", "axis", "colspan", "rowspan", "width");
    whitelist.addAttributes("th", "border", "bordercolor", "abbr", "axis", "colspan", "rowspan", "scope", "width");
    whitelist.addAttributes("ul", "type");

    whitelist.addProtocols("a", "href", "ftp", "http", "https", "mailto");
    whitelist.addProtocols("blockquote", "cite", "http", "https");
    whitelist.addProtocols("img", "src", "http", "https");
    whitelist.addProtocols("q", "cite", "http", "https");

    whitelist.addEnforcedAttribute("a", "target", "_blank");
    return whitelist;
  }

        return content;
    }

    public static String stripHtmlTag(String content, String[] allowedTag) {
        if (content != null && !content.isEmpty()) {
            Whitelist whitelist = Whitelist.none().addAttributes(":all","style","class","title","id","src","href","target");
            for (String tag : allowedTag) {
                whitelist.addTags(tag);
            }
            java.lang.reflect.Field field = ReflectionUtils.findField(whitelist.getClass(), "protocols");
            ReflectionUtils.makeAccessible(field);
            ReflectionUtils.setField(field, whitelist, new HashMap());
            content = Jsoup.clean(content, whitelist);
        }
        return content;

        s = s.replaceAll("</p>", "tinymce-renderer-reverse_br");
        s = s.replaceAll("</ul>", "tinymce-renderer-reverse_br");
        s = s.replaceAll("</ol>", "tinymce-renderer-reverse_br");
        s = s.replaceAll("</blockquote>", "tinymce-renderer-reverse_br");

        Whitelist wl = stripAllTags() ? Whitelist.none() : this.whitelist;

        String safe = Jsoup.clean(s, wl);
        safe = safe.replaceAll("tinymce-renderer-reverse_br", "\n");
        safe = safe.replaceAll("tinymce-renderer-reverse_sp", " ");