com.jcorporate.expresso.core.security.filters
Class AllowedHtmlPlusURLFilter

java.lang.Object
  com.jcorporate.expresso.core.security.filters.Filter
      com.jcorporate.expresso.core.security.filters.HtmlFilter
          com.jcorporate.expresso.core.security.filters.HtmlPlusURLFilter
              com.jcorporate.expresso.core.security.filters.AllowedHtmlPlusURLFilter

public class AllowedHtmlPlusURLFilter

extends HtmlPlusURLFilter

This class provides a filter implementation for HTML output, protecting against XSS exploits, but allows a small subset of HTML through, for simple formatting. It also creates anchor () tags for anything that starts with 'http://', 'www.', etc.

Author:

Patricia Schank

Field Summary

static String[]

ALLOWED_HTML

Fields inherited from class com.jcorporate.expresso.core.security.filters.HtmlPlusURLFilter

MAX_CHARS_IN_URL_LABEL, URL_INFORMAL_PREFIXES, URL_TYPES

Fields inherited from class com.jcorporate.expresso.core.security.filters.HtmlFilter

REPLACE_LIST, SPECIAL_STRING_LIST

Constructor Summary

AllowedHtmlPlusURLFilter()
No-arg constructor required Just append special html filtering string list with allowed html

Methods inherited from class com.jcorporate.expresso.core.security.filters.HtmlPlusURLFilter

addHttpPrefixIfNeeded, findEndOfHref, getWebHostPort, hasValidUrlPrefix, insertHrefTags, isValidUrl, standardFilter

Methods inherited from class com.jcorporate.expresso.core.security.filters.Filter

rawFilter, stripFilter

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ALLOWED_HTML

public static final String[] ALLOWED_HTML

Constructor Detail

AllowedHtmlPlusURLFilter

public AllowedHtmlPlusURLFilter()
                         throws IllegalArgumentException

No-arg constructor required Just append special html filtering string list with allowed html