Html Cleaner

  • Tags : sanitizer, jsoup, xss
  • Latest : 0.2
  • Last Updated: 30 July 2013
  • Grails version : 1.3.7 > *
Dependency :
compile ":html-cleaner:0.2"


Summary

Whitelist-based HTML cleaner built on jsoup.

Installation

grails install-plugin html-cleaner

Description

Documentation userguide

Note: The plugin has been developed to support Grails 1.3.7 and later. It should work fine with Grails 2.x as well.

Defining custom whitelists

The plugin provides a DSL to define whitelists in configuration.

htmlcleaner {
    whitelists = {
        whitelist("sample") {
            startwith "none"
            allow "b", "p", "span"
        }
        whitelist("sample-with-anchor") {
            startwith "sample"
            allow("a") {
                attributes "href"
                enforce attribute:"rel", value:"nofollow"
            }
        }
        whitelist("basic-with-tables") {
            startwith "basic"
            allow "table", "tr", "td"
        }
    }
}
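
The jsoup calls that the "sample-with-anchor" whitelist above would correspond to, run over constructed hostile input (an added example, not the plugin's own code). The DSL-to-jsoup mapping is an assumption, as is a jsoup release on the classpath that still ships org.jsoup.safety.Whitelist (later renamed Safelist); addProtocols is jsoup API, and this page does not say whether the DSL exposes it.

```groovy
// Added example, not the plugin's code. Assumes jsoup (a release that still
// provides org.jsoup.safety.Whitelist) is on the classpath.
import org.jsoup.Jsoup
import org.jsoup.safety.Whitelist

// Assumed jsoup equivalent of the "sample-with-anchor" whitelist from the DSL.
Whitelist sampleWithAnchor() {
    Whitelist wl = Whitelist.none()                  // startwith "none"
    wl.addTags('b', 'p', 'span')                     // allow "b", "p", "span"
    wl.addTags('a')                                  // allow("a") { ... }
    wl.addAttributes('a', 'href')                    //   attributes "href"
    wl.addEnforcedAttribute('a', 'rel', 'nofollow')  //   enforce rel="nofollow"
    return wl
}

// Constructed sample input: disallowed tag, event handler, extra attribute,
// and an href with a non-http scheme.
String unsafe = '<p onclick="steal()">Hi <b>there</b><script>alert(1)</script> ' +
                '<a href="http://example.com/" target="_blank">site</a> ' +
                '<a href="javascript:alert(1)">link</a></p>'

String cleaned = Jsoup.clean(unsafe, sampleWithAnchor())

// Tags and attributes that are not whitelisted are dropped.
assert !cleaned.contains('<script')
assert !cleaned.contains('onclick')
assert !cleaned.contains('target=')
// The enforced attribute is added to every surviving anchor.
assert cleaned.contains('rel="nofollow"')

// jsoup caveat: an allowed attribute with no protocol list accepts any
// scheme, so the javascript: href survives the whitelist as written.
assert cleaned.contains('javascript:')

// Restricting href to known schemes at the jsoup level closes that gap.
Whitelist strict = sampleWithAnchor()
strict.addProtocols('a', 'href', 'http', 'https', 'mailto')
String stricter = Jsoup.clean(unsafe, strict)

assert !stricter.contains('javascript:')
assert stricter.contains('href="http://example.com/"')

println cleaned
println stricter
```

When reviewing a custom whitelist that starts from "none" and allows href or src, check how URL schemes are restricted before relying on it for untrusted input.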

cleanHtml()

The plugin adds a dynamic method cleanHtml(String unsafe, String whitelistName) to all controllers.

class FooController {
    def save = {
        String cleaned = cleanHtml(params.description, 'sample-with-anchor')
    }
}

htmlCleaner bean

The plugin exposes a Spring bean named htmlCleaner, which has a cleanHtml() method with the same signature as the dynamic method available to controllers.

<hc:cleanHtml> tag

<hc:cleanHtml unsafe="${domainInstance.description}" whitelist="sample" />

Read the documentation for more details on how to define custom whitelists.

Not just sanitizer

Html cleaner is not just a sanitizer: it also cleans ill-formed user-supplied HTML and produces well-formed XML.