SanitizeHtml()
Sanitizes untrusted HTML input, removing unsafe elements and attributes such as script elements and inline event handlers like onclick.
See also OWASP Java HTML Sanitizer
Requires Extension: ESAPI extension
SanitizeHtml( string=string, policy=any );
Returns: String
Examples
html = '<!DOCTYPE html><html><body><h2>HTML Forms</h2><form action="/action_page.cfm"><label for="fname">First name:</label><br><input type="text" id="fname" name="fname" value="Pothys"><br><br><br><input type="submit" value="Submit">
</form><p>If you click the "Submit" button, the form-data will be sent to a page called "/action_page.cfm".</p></body></html>';
writeDump(var=html, label='html');
test = SanitizeHtml(html);
writeDump(var=test, label='SanitizeHtml');
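As an added example (not from the Lucee documentation), the following cfscript feeds SanitizeHtml() a constructed user comment that mixes harmless formatting with a script element and an onclick handler, then checks that neither survives; the helper assertSanitized() and the SanitizationFailed exception type are names chosen here, not part of Lucee.

```cfml
<cfscript>
// Added example, not from the Lucee docs. Requires the ESAPI extension.
// Shows that SanitizeHtml() keeps harmless formatting while stripping
// script elements and inline event handlers from untrusted markup.

// Constructed sample: a user-supplied comment with safe and unsafe parts.
untrusted = '<p>Thanks for the <b>update</b>!</p>'
          & '<script>document.title = "changed";</script>'
          & '<a href="https://example.com/" onclick="document.title = ''clicked''">link</a>';

clean = SanitizeHtml(untrusted);

// Defensive check a test suite would run after sanitization: fail loudly if
// any script element or on*= attribute is still present in the output.
// (Helper name and exception type are chosen for this example.)
function assertSanitized(required string html) {
    if (findNoCase("<script", arguments.html)) {
        throw(type="SanitizationFailed", message="script element survived sanitization");
    }
    if (reFindNoCase("\son[a-z]+\s*=", arguments.html)) {
        throw(type="SanitizationFailed", message="inline event handler survived sanitization");
    }
    return true;
}

assertSanitized(clean);
writeDump(var=untrusted, label="untrusted input");
writeDump(var=clean, label="SanitizeHtml output");
</cfscript>
```

The safe <p>, <b> and <a href> markup is expected to remain in the output, so the check deliberately targets only the markup the function is documented to remove.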
See also
- Encode/Decode
- HTML
- string.sanitizeHTML()
- Search Issue Tracker
- Search Lucee Test Cases (good for further, detailed examples)