Server side HTML sanitizer/cleanup for JSF

by

In order to achieve that, you basically need a standalone HTML parser. HTML parsing is rather complex and the task and responsibility of that is beyond the scope of JSF, PrimeFaces and OmniFaces. You’re supposed to just grab one of the many existing HTML parsing libraries.

An example is Jsoup, it has even a separate method for the particular purpose of sanitizing HTML against a Safelist: Jsoup#clean(). For example, if you want to allow some basic HTML without images, use Safelist.basic():

String sanitizedHtml = Jsoup.clean(rawHtml, Safelist.basic());

A completely different alternative is to use a specific text formatting syntax, such as Markdown (which is also used here). Basically all of those parsers also sanitize HTML under the covers. An example is CommonMark. Perhaps this is what you actually meant when you said “stackexchange style”.

As to saving in DB, you’d better save both the raw and parsed forms in 2 separate text columns. The raw form should be redisplayed during editing. The parsed form should be updated in background when the raw form has been edited. During display, obviously only show the parsed form with escape="false".

See also:

More Related Contents:

  1. Understanding PrimeFaces process/update and JSF f:ajax execute/render attributes
  2. Pass an object between @ViewScoped beans without using GET params
  3. Unicode input retrieved via PrimeFaces input components become corrupted
  4. How to show details of current row from p:dataTable in a p:dialog and update after save
  5. PrimeFaces CSS look’n’feel missing and JS “Uncaught Reference Error: PrimeFaces is not defined”
  6. How do PrimeFaces Selectors as in update=”@(.myClass)” work?
  7. Display database blob images in inside
  8. File upload doesn’t work with AJAX in PrimeFaces 4.0/JSF 2.2.x – javax.servlet.ServletException: The request content-type is not a multipart/form-data
  9. How to use with DefaultStreamedContent in an ui:repeat?
  10. @SessionScoped bean looses scope and gets recreated all the time, fields become null
  11. PrimeFaces validator not fired
  12. How to do double-click prevention in JSF
  13. How to bind dynamic content using ?
  14. Difference between rendered and visible attributes of
  15. PrimeFaces CSS skin not showing in login page, also JavaScript undefined errors
  16. Creating master-detail table and dialog, how to reuse same dialog for create and edit
  17. What is the function of @this exactly?
  18. p:dataExporter does not recognize p:cellEditor
  19. Customize primefaces chart
  20. PrimeFaces commandButton doesn’t navigate or update
  21. How to use EL in PrimeFaces oncomplete attribute which is updated during action method
  22. How do UISelectOne and UISelectMany components preselect defaults in f:selectItems
  23. Updating entire on complete of
  24. How to use java.time.ZonedDateTime / LocalDateTime in p:calendar
  25. JSF: Mojarra vs. OmniFaces @ViewScoped: @PreDestroy called but bean can’t be garbage collected
  26. Calling Primefaces dialog box from Managed Bean function
  27. Populate p:selectOneMenu based on another p:selectOneMenu in each row of a p:dataTable
  28. LazyInitializationException in selectManyCheckbox on @ManyToMany(fetch=LAZY)
  29. Automatically open the printer dialog after providing PDF download
  30. JSF resource versioning

Leave a Comment