Class HtmlSanitizer


  • public class HtmlSanitizer extends Object
    Utility class for sanitizing HTML text.
    • Method Detail

      • sanitizeText

        @CheckForNull
        public static String sanitizeText(@CheckForNull String htmlText)
        Sanitizes the given HTML text and removes potentially dangerous tags and attributes.

        Allowed tags and attributes are defined by Safelist.basicWithImages(), which includes basic styling tags as well as 'img'.

        Additionally, the 'style' attribute is whitelisted for the tags 'b', 'i', 'strong', 'em', 'u'. The attributes 'style', 'class' and 'id' are whitelisted for 'div'. 'img' can be used with a relative or absolute image source.

        The 'vaadin-icon' tag is also whitelisted together with the attributes 'id', 'class', 'width', 'height', 'style' and 'icon'.

        Parameters:
        htmlText - the HTML text to be sanitized, may be null
        Returns:
        the sanitized content, or null if the input is null
      • escapeText

        @CheckForNull
        public static String escapeText(@CheckForNull String text)
        Escapes HTML characters (& < > " ') in the given text, in order to make the text safe for inclusion in HTML content.
        Parameters:
        text - the text to be escaped, may be null
        Returns:
        the escaped content, or null if the input is null
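
        Added example (not the project's own implementation): one way to realise both methods with the jsoup Safelist API that the sanitizeText description names. The class name HtmlSanitizerExample, the individual Safelist calls used to express the documented allow-list, and the placeholder base URI passed to Jsoup.clean are assumptions; the documented behaviour (null in, null out; basicWithImages plus the listed tags and attributes) is what the code aims to reproduce.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/**
 * Added example, not the project's own code. Builds a jsoup Safelist that
 * approximates the allow-list documented for HtmlSanitizer.sanitizeText and
 * pairs it with an escapeText equivalent.
 */
public final class HtmlSanitizerExample {

    // Assumption: the documented rules are expressed as jsoup Safelist calls.
    private static final Safelist SAFELIST = Safelist.basicWithImages()
            // 'style' is allowed on the inline formatting tags
            .addAttributes("b", "style")
            .addAttributes("i", "style")
            .addAttributes("strong", "style")
            .addAttributes("em", "style")
            .addAttributes("u", "style")
            // 'div' with 'style', 'class' and 'id'
            .addTags("div")
            .addAttributes("div", "style", "class", "id")
            // the custom 'vaadin-icon' element and its attributes
            .addTags("vaadin-icon")
            .addAttributes("vaadin-icon", "id", "class", "width", "height", "style", "icon")
            // keep relative 'img' sources instead of dropping them; absolute ones
            // are still restricted to the http/https protocols basicWithImages allows
            .preserveRelativeLinks(true);

    // Placeholder base URI (assumption): jsoup resolves relative links against it
    // only to check their protocol; the output keeps the relative form.
    private static final String BASE_URI = "https://example.invalid/";

    private HtmlSanitizerExample() {
    }

    /** Removes every tag and attribute not on the safelist; null in, null out. */
    public static String sanitizeText(String htmlText) {
        if (htmlText == null) {
            return null;
        }
        return Jsoup.clean(htmlText, BASE_URI, SAFELIST);
    }

    /** Escapes & < > " ' so the text is safe in element content and attributes. */
    public static String escapeText(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input: an inline event handler, a script element and a relative image
        String untrusted = "<div id=\"note\" onclick=\"alert(1)\">"
                + "<b style=\"color:red\">Hi</b>"
                + "<script>alert(1)</script>"
                + "<img src=\"/img/a.png\"></div>";
        System.out.println(sanitizeText(untrusted));
        System.out.println(escapeText("<a href='x'>Tom & Jerry</a>"));
    }
}
```

        Running main prints the cleaned fragment with the onclick attribute and the script element removed while the div id, the b style and the relative img src survive, followed by the escaped string. The one design choice worth noting is preserveRelativeLinks: it satisfies the "relative or absolute image source" rule without removing the protocol check, so an absolute src with a non-http(s) scheme is still dropped.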