Server side HTML sanitizer/cleanup for JSF

主宰稳场 submitted on 2019-11-27 05:38:21
BalusC

In order to achieve that, you basically need a standalone HTML parser. HTML parsing is rather complex and the task and responsibility of that is beyond the scope of JSF, PrimeFaces and OmniFaces. You're supposed to just grab one of the many existing HTML parsing libraries.

An example is Jsoup; it even has a separate method for the particular purpose of sanitizing HTML against a Whitelist: Jsoup#clean(). For example, if you want to allow some basic HTML without images, use Whitelist.basic():

String sanitizedHtml = Jsoup.clean(rawHtml, Whitelist.basic());

A completely different alternative is to use a specific text formatting syntax, such as Markdown (which is also used here). Basically all of those parsers also sanitize HTML under the covers. An example is Pegdown. Perhaps this is what you actually meant when you said "stackexchange style".

As to saving in DB, you'd better save both the raw and parsed forms in 2 separate text columns. The raw form should be redisplayed during editing. The parsed form should be updated in the background when the raw form has been edited. During display, obviously only show the parsed form with escape="false".
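
The sanitize-on-save flow described in this answer, as an added example that is not part of the original answer. It assumes jsoup 1.14.2 or later (where Whitelist was renamed Safelist) and Java 16+; StoredPost and prepareForSave are hypothetical names, and the input string is constructed.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist; // this class is named Whitelist before jsoup 1.14.2

public class PostSanitizer {

    /** Hypothetical holder for the two text columns: raw for editing, parsed for display. */
    record StoredPost(String rawHtml, String parsedHtml) {}

    /**
     * Hypothetical save hook: run on every create/edit so the parsed column
     * is always derived from the current raw column and never edited directly.
     */
    static StoredPost prepareForSave(String rawHtml) {
        // basic() permits simple text formatting and links; it drops scripts,
        // images, event-handler attributes and non-allowed link protocols.
        String parsed = Jsoup.clean(rawHtml, Safelist.basic());
        return new StoredPost(rawHtml, parsed);
    }

    public static void main(String[] args) {
        // Constructed sample input mixing allowed markup with content basic() rejects.
        String raw = "<p onclick=\"doSomething()\">Hello <b>world</b></p>"
                + "<script>alert(1)</script>"
                + "<img src=\"x\" onerror=\"alert(2)\">"
                + "<a href=\"javascript:alert(3)\">bad link</a>"
                + "<a href=\"https://example.com/\">good link</a>";

        StoredPost post = prepareForSave(raw);

        // isValid() reports whether the input already conforms to the safelist;
        // useful for logging or rejecting submissions instead of silently cleaning.
        System.out.println("raw conforms to basic(): "
                + Jsoup.isValid(raw, Safelist.basic()));

        // Redisplay this one in the editor.
        System.out.println("raw column:    " + post.rawHtml());

        // Only this one is rendered, e.g. with
        // <h:outputText value="#{post.parsedHtml}" escape="false" />
        System.out.println("parsed column: " + post.parsedHtml());
    }
}
```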
