author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2021-07-18 21:33:24 +0200 |
---|---|---|
committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2021-07-18 21:33:24 +0200 |
commit | 95cc08732df33d5c6e748fe3f0e5c88eca3d1ba0 (patch) | |
tree | 4d91f48e3fc88166c90d560822aa31f3a505bdcd /src/main | |
parent | 9307632512461bf56615ed1cd94b429104e88dae (diff) |
KB66 Sanitize HTML in posts.
Change-Id: I4987c74e90befb226f1bf1f06129a665f32544bf
Diffstat (limited to 'src/main')
-rw-r--r-- | src/main/java/eu/mulk/mulkcms2/common/markdown/MarkdownConverter.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/main/java/eu/mulk/mulkcms2/common/markdown/MarkdownConverter.java b/src/main/java/eu/mulk/mulkcms2/common/markdown/MarkdownConverter.java
index 68f7a18..cd75afe 100644
--- a/src/main/java/eu/mulk/mulkcms2/common/markdown/MarkdownConverter.java
+++ b/src/main/java/eu/mulk/mulkcms2/common/markdown/MarkdownConverter.java
@@ -11,6 +11,8 @@ import com.vladsch.flexmark.parser.Parser;
 import com.vladsch.flexmark.util.data.MutableDataSet;
 import java.util.Arrays;
 import javax.enterprise.context.ApplicationScoped;
+import org.jsoup.Jsoup;
+import org.jsoup.safety.Whitelist;
 
 @ApplicationScoped
 public class MarkdownConverter {
@@ -41,6 +43,7 @@ public class MarkdownConverter {
   public String htmlify(String markdown) {
     var parsedDocument = parser.parse(markdown);
-    return renderer.render(parsedDocument);
+    var unsanitizedHtml = renderer.render(parsedDocument);
+    return Jsoup.clean(unsanitizedHtml, Whitelist.relaxed());
   }
 } |
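Review bot: The new `Jsoup.clean(unsanitizedHtml, Whitelist.relaxed())` call in htmlify passes no base URI, and `Whitelist.relaxed()` restricts `a[href]` and `img[src]` to absolute URLs on its protocol list, so relative links and image paths in a post are silently dropped along with the genuinely dangerous markup; if posts are expected to link within the site, use the three-argument form `Jsoup.clean(unsanitizedHtml, baseUri, Whitelist.relaxed())` or configure `Whitelist.relaxed().preserveRelativeLinks(true)`. It is also worth documenting the contract this hunk introduces, since callers can no longer assume the output is the renderer's verbatim HTML: a Javadoc along the lines of `/** Renders Markdown to HTML and strips every element and attribute outside jsoup's relaxed safelist, including raw HTML embedded in the Markdown source. */` on `htmlify`. Note that relaxed() does not enforce `rel="nofollow"` on links the way `Whitelist.basic()` does; if post authors are not all trusted, `.addEnforcedAttribute("a", "rel", "nofollow")` closes that gap. Depending on the jsoup version in use, `Whitelist` may already be deprecated in favour of `org.jsoup.safety.Safelist`, which has the same methods. The imports hunk shares the same concern and needs no separate change.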