Documentation Home
⤤ Stallion Home
⤤ JavaDoc
Tutorials
Flat-file Website or Blog Javascript Web Application Java Web Application Publishing your site to a server
Reference Guide
Javascript and CSS Asset Bundling Models, Data Access, and Querying SQL Databases RESTful Endpoints Monitoring Templating Users and Authentication Settings and Configuration
Common Tasks
Sending Emails Asynchronous Tasks and Scheduled Tasks Recurring Jobs Fetching External Web Pages Caching Using Date and Time Simple Encryption and Decryption Sanitizing HTML Logging
Minor Features
CORS XSRF Protection Clickjacking Protection Redirects and Rewrites
Warning! This documentation is a work in progress. Expect things to be out of date and not actually work according to instructions.

Sanitizing HTML

There is a simple helper class that wraps the OWASP Java HTML Sanitizer Project


import io.stallion.utils.Sanitize;

// Sanitize for publicly submitted comments in a comments thread
String html = Sanitize.commentSanitize(raw);

// Strips all dangerous tags, and most advanced tags like tables, leaves basic tags like divs, links and formatting tags
String html = Sanitize.basicSanitize(raw);

// Like basic sanitize, but allow images
String html = Sanitize.basicSanitizeWithImages(raw);

// This serializes an object to JSON and escapes it to be included in the <script> section of an HTML page.
String jsonForHtml = Sanitize.htmlSafeJson(myObject);

You can use this in a template:

var authorInformation = ;

// Strip all tags
String text = Sanitize.stripAll(html);

You of course can use the OWASP library directly to build your own sanitization policies.

© 2024 Stallion Software LLC