| <?xml version="1.0" encoding="UTF-8"?> |
| |
| <!-- |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| --> |
| |
| <ui:composition template="/main.xhtml" |
| xmlns:tc="http://myfaces.apache.org/tobago/component" |
| xmlns:ui="http://xmlns.jcp.org/jsf/facelets" |
| xmlns="http://www.w3.org/1999/xhtml"> |
| |
| <ui:param name="title" value="Sanitizer"/> |
| |
| <ul> |
| <li>Filter all suspicious content from |
| <demo-highlight language="markup"><tc:textarea></demo-highlight> and |
| <demo-highlight language="markup"><tc:out escape="false"></demo-highlight> |
| </li> |
| <li>See <tc:link label="OWASP Java HTML Sanitizer Project" |
| link="https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project" |
| image="fa-external-link" /></li> |
| <li>The filter can be configured the <code>tobago-config.xml</code> file with |
| the <code class="language-markup"><sanitizer></code> tag.</li> |
| </ul> |
| Example for an configuration which is active by default: |
| <demo-highlight language="markup"><sanitizer> |
| <sanitizer-class>org.apache.myfaces.tobago.sanitizer.JsoupSanitizer</sanitizer-class> |
| <properties> |
| <!-- Use one of: basic, basicWithImages, relaxed, simpleText or none --> |
| <entry key="whitelist">relaxed</entry> |
| </properties> |
| </sanitizer></demo-highlight> |
| |
| </ui:composition> |