1   package ys.wikiparser;
2   
3   import org.owasp.html.HtmlPolicyBuilder;
4   import org.owasp.html.PolicyFactory;
5   
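/**
 * Sanitizes untrusted HTML produced by the wiki parser using the OWASP Java HTML
 * Sanitizer (allow-list based). Anything not on the element/attribute allow-list
 * below (for example {@code <script>}, {@code <iframe>}, {@code on*} handlers) is
 * removed by the library before the markup is returned.
 *
 * <p>Policy notes a reviewer should be aware of:
 * <ul>
 *   <li>{@code href} on {@code <a>} is a URL attribute and no
 *       {@code allowUrlProtocols(...)} call is made, so the library keeps only
 *       protocol-less (relative) URLs: {@code javascript:} and {@code data:} are
 *       stripped, but so are {@code http:}/{@code https:}/{@code mailto:}. If
 *       absolute links are wanted, add {@code .allowStandardUrlProtocols()} rather
 *       than a broader protocol list.</li>
 *   <li>Inline {@code style} is accepted only through {@code allowStyling()}, which
 *       runs each declaration through the library's default CSS schema. A bare
 *       {@code allowAttributes("style")} would pass the CSS through unfiltered,
 *       which is not an XSS vector in modern browsers but does permit
 *       overlay/phishing and CSS-based data exfiltration.</li>
 *   <li>{@code class} is allowed on every element, so sanitized content may adopt
 *       any class name the host page's stylesheet defines (UI-redressing risk);
 *       restrict this if the page has sensitive styling hooks.</li>
 *   <li>{@code <img>} is allowed but {@code src} is not, so images survive only as
 *       empty tags. Allow {@code src} deliberately, together with a protocol
 *       policy, if images are meant to render.</li>
 * </ul>
 */
public final class XSSSanitizer {

    /**
     * Compiled allow-list policy. Built once; the library documents
     * {@code PolicyFactory} as immutable, so sharing a single instance is fine.
     */
    private static final PolicyFactory POLICY_FACTORY = new HtmlPolicyBuilder()
            .allowElements("a", "b", "i", "u", "p", "br", "div", "span", "ul", "ol", "li", "strong", "em", "strike", "sub", "sup", "pre", "code", "blockquote", "hr", "h1", "h2", "h3", "h4", "h5", "h6", "table", "thead", "tbody", "tfoot", "tr", "th", "td", "caption", "img")
            // URL attribute: without an explicit protocol allow-list only relative URLs survive.
            .allowAttributes("href").onElements("a")
            // CSS-sanitized style attribute (default CssSchema) instead of raw pass-through.
            .allowStyling()
            .allowAttributes("class").globally()
            .toFactory();

    private XSSSanitizer() {
        // Static utility; not meant to be instantiated.
    }

    /**
     * Sanitizes a fragment of untrusted HTML against the allow-list policy.
     *
     * @param input raw HTML fragment, possibly {@code null}
     * @return the sanitized HTML, or {@code null} when {@code input} is {@code null}
     */
    public static String sanitize(String input) {
        if (input == null) {
            return null;
        }
        return POLICY_FACTORY.sanitize(input);
    }

}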