问题
I've got a freemarker template that displays the same string in a context where HTML is allowed as well as a context where it is not.
Is there a built-in in Freemarker that allows me to entirely remove HTML tags from a string?
The following template (assuming there was a built-in remove_html)
<#ftl output_format="HTML"/>
<html>
<head>
<title>${page_title?remove_html}</title>
</head>
<body>
<h1>${page_title?no_esc}</h1>
</body>
</html>
and the model Collections.singletonMap("page_title", "A <strong>Strong</strong> Argument") should lead to
<html>
<head>
<title>A Strong Argument</title>
</head>
<body>
<h1>A <strong>Strong</strong> Argument</h1>
</body>
</html>
Using the built-in esc would give me <title>A <strong>Strong</strong> Argument</title> instead, which is not what I am looking for.
Is there something like remove_html or do I need to provide my own? (Using OWASP's java-html-sanitizer, for instance.)
回答1:
You could use the Freemarker built-in string replace function with the "r" flag to enable regular expressions.
Here's a simple regexp that does the trick:
${page_title?replace('<[^>]+>','','r')}
Note that if you use backslashes within the regular expression they must be escaped, as follows (contrived example that removes whitespace):
${page_title?replace('\\s+','','r')}
回答2:
There isn't anything built in as of 2.3.28, so yes, you have to create your own.
来源:https://stackoverflow.com/questions/49784172/remove-html-tags-in-freemarker-template