|
|
Hi Gunnar,
thanks for your quick reply
this seems good. But if I would extend "additionalTags" for this purpose.
The reason why I thought something like {code}@SafeHtml(whitelistClass=MyWhitelist.class){code} would be great is that the instance could be a reusable final static one. This would allow for most control and would be independant of any features jsoup will add in the future.
(JSoup itself should also allow to restrict the content of the attributes, to prevent for xss attacking, will file an Issue at jsoup.org later)
Using same {code} " @SafeHtml {code} " on multiple entities with same attributes one would have to either wrap it into a new validator itself or solve it with the class approach.
Like following example:
{code:title="Static.java"}
public final static WhiteList MY_WHITELIST;
static
{
// create new whitelist or use a default list as base
MY_WHITELIST = new WhiteList();
MY_WHITELIST.add
}
{code}
{code:title="Entity.java"}
@SafeHtml(whiteList = Static.MY_WHITELIST)
private String html;
{code}
|
|
|
|
|
|
|
|
