sanitizeHtml()
Sanitizes unsafe HTML input and removes elements and attributes like JavaScript, onclick, etc.
Based on
This is similar to, but distinct from, getSafeHtml(),
which uses AntiSamy (currently unimplemented, see [LDEV-838] - Lucee).
Example
sanitizeHtml(string string,[any policy]):string
Category
ESAPI,HTML
Arguments
The arguments for this function are fixed. You cannot use any arguments other than the following ones.
Name | Type | Required | Description |
---|---|---|---|
string | string | Yes | String to sanitize. |
policy | any | No | Either an org.owasp.html.PolicyFactory or a string naming one of the built-in sanitizers: FORMATTING, BLOCKS, STYLES, LINKS, TABLES, IMAGES. If omitted, all of the built-in policies are applied. |
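The three ways of passing the policy argument, as an added CFScript example that is not part of the Lucee documentation. It assumes a single built-in sanitizer name is accepted as the string form, and that the bundled OWASP Java HTML Sanitizer class org.owasp.html.HtmlPolicyBuilder is reachable through createObject; the input markup is constructed for the demonstration.

```cfml
<cfscript>
// Constructed untrusted input: an inline event handler, a script element,
// a javascript: URL and one ordinary https link.
untrusted = '<p onclick="alert(1)">Hi <b>there</b></p>'
    & '<script>alert(document.cookie)</script>'
    & '<a href="javascript:alert(1)">click</a>'
    & '<a href="https://example.com/">ok</a>';

// 1. No policy: every built-in sanitizer (FORMATTING, BLOCKS, STYLES,
//    LINKS, TABLES, IMAGES) is applied. Block and inline formatting and
//    http(s) links are allowed; script content, event-handler attributes
//    and javascript: URLs are not part of any of those policies.
defaultResult = sanitizeHtml(untrusted);

// 2. One built-in sanitizer by name (assumption: a single name string).
//    FORMATTING allows inline formatting only, so <p> and <a> are outside
//    the policy as well.
formattingOnly = sanitizeHtml(untrusted, "FORMATTING");

// 3. A custom org.owasp.html.PolicyFactory built with HtmlPolicyBuilder
//    (assumption: class reachable via createObject in this install).
//    Allow-list: <b>, and <a> with an href restricted to http/https.
builder = createObject("java", "org.owasp.html.HtmlPolicyBuilder").init();
customPolicy = builder
    .allowElements(javaCast("string[]", ["a", "b"]))
    .allowUrlProtocols(javaCast("string[]", ["http", "https"]))
    .allowAttributes(javaCast("string[]", ["href"]))
        .onElements(javaCast("string[]", ["a"]))
    .toFactory();
customResult = sanitizeHtml(untrusted, customPolicy);

// Show the sanitized markup as text so the reader can compare what each
// policy kept; in a real page the sanitized string is what gets rendered.
writeOutput("default: " & encodeForHtml(defaultResult) & "<br>");
writeOutput("FORMATTING: " & encodeForHtml(formattingOnly) & "<br>");
writeOutput("custom: " & encodeForHtml(customResult) & "<br>");
</cfscript>
```

Tightening the policy to an explicit allow-list (case 3) is the usual choice when the application only needs a small, known subset of markup.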
Already bundled in 5.3.9 RC3, local reference http://127.0.0.1:8888/lucee/doc/functions.cfm?item=sanitizehtml