ABAP
IF_HTTP_UTILITY~ESCAPE_URL
JavaScript
开源的sanitizer库,Google搞的。
https://www.npmjs.com/package/sanitizer
sanitizer.escape('your dirty string');
用于C4C:
在Java里使用这个JS library:
public class CajaSanitiser {
private final ScriptEngine engine;
private final Bindings bindings;
public CajaSanitiser() throws IOException, ScriptException {
this.engine = new ScriptEngineManager().getEngineByName("js");
this.bindings = engine.getBindings(ScriptContext.ENGINE_SCOPE);
String scriptName = "com/google/caja/plugin/html-css-sanitizer-minified.js";
try (BufferedReader reader = getReader(scriptName)) {
engine.eval(reader);
}
String identity = "function identity(value) {return value;}";
engine.eval(identity);
}
private BufferedReader getReader(String name) {
return new BufferedReader(new InputStreamReader(
getClass().getClassLoader().getResourceAsStream(name)));
}
public String sanitise(String htmlSource) throws ScriptException {
bindings.put("src", htmlSource);
// You can use other functions beside 'identity' if you
// want to transform the html.
// See https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer
return (String) engine.eval("html_sanitize(src, identity, identity)");
}
public static void main(String[] args) throws Exception {
CajaSanitiser sanitiser = new CajaSanitiser();
String source = "<html>
" +
"<head>
" +
"<style>
" +
"h1 {color:blue;}
" +
"</style>
" +
"</head>
" +
"<body>
" +
"<h1>A heading</h1>
" +
"</body>
" +
"</html>";
System.out.println("Original HTML with CSS:");
System.out.println(source);
System.out.println();
System.out.println("Sanitised HTML:");
System.out.println(sanitiser.sanitise(source));
}
}
Maven dependency:
<dependencies>
<dependency>
<groupId>caja</groupId>
<artifactId>caja</artifactId>
<version>r5127</version>
</dependency>
</dependencies>
要获取更多Jerry的原创文章,请关注公众号"汪子熙":