Message Title

Marco Janc commented on an issue

Hi Gunnar,

this seems good. But I would extend "additionalTags" for this purpose.

The reason why I thought something like

                                                    @SafeHtml(whitelistClass=MyWhitelist.class)
                                                

would be great is that the instance could be a reusable final static one. This would allow for most control and would be independant of any features jsoup will add in the future.

(JSoup itself should also allow to restrict the content of the attributes, to prevent for xss attacking, will file an Issue at jsoup.org later)

Using same

                                                    @SafeHtml
                                                

on multiple entities with same attributes one would have to either wrap it into a new validator itself or solve it with the class approach.

Like following example:

                                                    "Static.java"
                                                
                                                    public final static WhiteList MY_WHITELIST;

static
{
    // create new whitelist or use a default list as base
    MY_WHITELIST = new WhiteList();
    MY_WHITELIST.add

}

                                                    "Entity.java"
                                                
                                                    @SafeHtml(whiteList = Static.MY_WHITELIST)
private String html;

Hibernate Validator /

HV-817

Add Comment

This message was sent by Atlassian JIRA