HtmlPolicyBuilder OWASP Sanitizer
Can anyone explain why, when I do this:
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

PolicyFactory policy = new HtmlPolicyBuilder()
    .allowElements("a")
    .toFactory();
policy.sanitize("<a></a>");
I get empty sanitized content?
I am using owasp-java-html-sanitizer-20200713.1.jar
Using .allowWithoutAttributes("a") solved the problem.
According to https://github.com/OWASP/java-html-sanitizer:
> Please note that the elements "a", "font", "img", "input" and "span" need to be explicitly whitelisted using the allowWithoutAttributes() method if you want them to be allowed through the filter when these elements do not include any attributes.
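
The behaviour discussed above can be compared side by side with the following added example, which is not part of the original question or answer. The class name AnchorPolicyDemo and the sample inputs are constructed for illustration; it runs three policies over the same inputs so the effect of allowWithoutAttributes("a"), and of an attribute being removed by the policy, is visible in the printed output.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Added illustration; AnchorPolicyDemo is a hypothetical class name.
public class AnchorPolicyDemo {

    // Constructed sample inputs: no attributes, no attributes with text,
    // an attribute none of the policies allow, and an allowed https link.
    static final String[] SAMPLES = {
        "<a></a>",
        "<a>plain text</a>",
        "<a name=\"top\">anchor</a>",
        "<a href=\"https://example.com/\">link</a>",
    };

    public static void main(String[] args) {
        // The policy from the question: "a" is allowed, but it is one of the
        // elements the README says are filtered when they carry no attributes.
        PolicyFactory elementsOnly = new HtmlPolicyBuilder()
            .allowElements("a")
            .toFactory();

        // The fix from the answer: explicitly permit attribute-less <a>.
        PolicyFactory bareAllowed = new HtmlPolicyBuilder()
            .allowElements("a")
            .allowWithoutAttributes("a")
            .toFactory();

        // A link policy: only href is allowed, restricted to the standard
        // protocols. An <a> whose attributes are all removed by the policy
        // reaches the filter with no attributes, like the first sample.
        PolicyFactory linksOnly = new HtmlPolicyBuilder()
            .allowElements("a")
            .allowAttributes("href").onElements("a")
            .allowStandardUrlProtocols()
            .toFactory();

        for (String html : SAMPLES) {
            System.out.println("input        : " + html);
            System.out.println("elementsOnly : [" + elementsOnly.sanitize(html) + "]");
            System.out.println("bareAllowed  : [" + bareAllowed.sanitize(html) + "]");
            System.out.println("linksOnly    : [" + linksOnly.sanitize(html) + "]");
            System.out.println();
        }
    }
}
```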