SanitizeHtml()

Sanitizes unsafe HTML input and removes elements and attributes like JavaScript, onclick, etc.

Requires Extension: ESAPI extension


	SanitizeHtml( string=string, policy=any );

Returns: String

Argument	Description
string _{string, required}	string to sanitize
policy _{any, optional}	Either a org.owasp.html.PolicyFactory or a String with built in Sanitizers. If omitted then all of the built-in policies are applied. The built in Sanitizers are: FORMATTING BLOCKS STYLES LINKS TABLES IMAGES

Argument

Description

string

_{string,

required}

string to sanitize

policy

_{any,

optional}

Either a org.owasp.html.PolicyFactory or a String with built in Sanitizers.

If omitted then all of the built-in policies are applied.

The built in Sanitizers are:

FORMATTING
BLOCKS
STYLES
LINKS
TABLES
IMAGES

Examples

    html = '<!DOCTYPE html><html><body><h2>HTML Forms</h2><form action="/action_page.cfm"><label for="fname">First name:</label><br><input type="text" id="fname" name="fname"value="Pothys"><br><br><br><input type="submit" value="Submit">
    </form><p>If you click the "Submit" button, the form-data will be sent to a page called "/action_page.cfm".</p></body></html>';

    writeDump(var=html, label='html');
    test = SanitizeHtml(html);
    writeDump(var=test, label='SanitizeHtml');

SanitizeHtml()

Examples

See also