sanitizehtml()

Sanitizes untrusted HTML input by removing dangerous elements and attributes, such as script elements and event-handler attributes like onclick.

See also OWASP Java HTML Sanitizer

Requires Extension: ESAPI extension

sanitizehtml( string=string, policy=any );

Returns: String

Arguments

string (string, required)
    The string to sanitize.

policy (any, optional)
    Either an org.owasp.html.PolicyFactory or a String naming one of the built-in sanitizers.

If omitted then all of the built-in policies are applied.

The built-in sanitizers are:

  • FORMATTING
  • BLOCKS
  • STYLES
  • LINKS
  • TABLES
  • IMAGES

Examples

There are currently no examples for this function
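The following is an added example, not from the Lucee documentation or the ESAPI extension itself. It shows the three ways the policy argument can be used: omitted (all built-in policies), a built-in sanitizer named as a string, and a PolicyFactory composed from the OWASP Sanitizers class. It assumes the ESAPI extension is installed and that org.owasp.html.Sanitizers is reachable through createObject("java", ...) from the extension's bundle; the input markup is constructed for the example.

```cfml
<cfscript>
// Added example (not part of the Lucee docs). Assumes the ESAPI extension is
// installed so sanitizeHtml() and the bundled org.owasp.html classes are available.

// Constructed sample input: the kind of markup a user might submit in a comment field.
untrusted = '<p onclick="alert(1)">Hello <b>world</b></p>'
          & '<script>document.cookie</script>'
          & '<a href="javascript:alert(1)">bad link</a>'
          & '<a href="https://example.com/">good link</a>';

// 1. Policy omitted: all built-in policies are applied
//    (FORMATTING, BLOCKS, STYLES, LINKS, TABLES, IMAGES).
//    The script element and the onclick handler are not permitted by any of them
//    and are dropped; benign formatting and the https link pass through.
writeOutput( sanitizeHtml( untrusted ) );

// 2. A single built-in sanitizer named as a string: only inline formatting
//    elements are permitted, so block elements and links are reduced to their text.
writeOutput( sanitizeHtml( untrusted, "FORMATTING" ) );

// 3. A custom org.owasp.html.PolicyFactory built from the OWASP Sanitizers class.
//    Assumption: the class is loadable via createObject from the extension's bundle.
//    Sanitizers.LINKS only allows http, https and mailto URLs, so the
//    javascript: href is removed while the https link is kept.
sanitizers = createObject( "java", "org.owasp.html.Sanitizers" );
policy     = sanitizers.FORMATTING.and( sanitizers.LINKS );
writeOutput( sanitizeHtml( untrusted, policy ) );
</cfscript>
```

Sanitize as late as possible, at the point where untrusted markup is rendered, and keep the original user input unchanged in storage so the policy can be tightened later without losing data. Prefer the narrowest policy that the feature actually needs over the all-policies default.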

See also