|
|
|
I use '@SafeHtml' on PsersonDto like this:
{code:title=PersonDto.java} ... @NotBlank @SafeHtml(whitelistType = WhiteListType.NONE) private String firstName; ... {code}
And validate this on Spring Controller like this:
{code:title=RegistrationController.java} ... @RequestMapping(value = "/registrationUser", method = RequestMethod.POST) public String registrationUser(@Valid PersonDto personDto, BindingResult result) { logger.debug("registrationUser"); logger.debug("personDto: {}", personDto); if (result.hasErrors()) { for (ObjectError error : result.getAllErrors()) { logger.error("error: {}", error.getDefaultMessage()); } return formViewName; } else { personManager.registrationPerson(personDto); return completedViewName; } } ... {code}
When I test, <script>, <b> tag is not allowed . (result.hasErrors() is true) But , but <td>, <tr> is allowed. (result.hasErrors() is false)
When I use 'NONE' option, whitelist should allows only onl text nodes. Is this hibernate validator's bug or Spring framework's bug?
|
|
|
|