Package ortus.boxlang.modules.esapi.bifs

Class SanitizeHTML

java.lang.Object

ortus.boxlang.runtime.bifs.BIF

ortus.boxlang.modules.esapi.bifs.SanitizeHTML

@BoxBIF
@BoxMember(type=STRING)
public class SanitizeHTML
extends ortus.boxlang.runtime.bifs.BIF

Field Summary

Fields inherited from class ortus.boxlang.runtime.bifs.BIF

__functionName, __isMemberExecution, asyncService, cacheService, componentService, declaredArguments, functionService, interceptorService, moduleService, runtime

Constructor Summary

Constructors

Constructor	Description
SanitizeHTML()	Constructor

Method Summary

Modifier and Type	Method	Description
Object	_invoke(ortus.boxlang.runtime.context.IBoxContext context, ortus.boxlang.runtime.scopes.ArgumentsScope arguments)	Sanitizes unsafe HTML to protect against XSS attacks using the OWASP Java HTML Sanitizer.

Methods inherited from class ortus.boxlang.runtime.bifs.BIF

announce, getDeclaredArguments, invoke

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SanitizeHTML

public SanitizeHTML()

Constructor

Method Details

_invoke

public Object _invoke(ortus.boxlang.runtime.context.IBoxContext context,
 ortus.boxlang.runtime.scopes.ArgumentsScope arguments)

Sanitizes unsafe HTML to protect against XSS attacks using the OWASP Java HTML Sanitizer.

The policy can be one of the following:

• blocks
• formatting
• images
• links
• styles
• tables

If no policy is provided, all policies are used.

You can also provide a OWASP PolicyFactory object to use a custom policy.

Specified by:

_invoke in class ortus.boxlang.runtime.bifs.BIF

Parameters:

context - The context in which the BIF is being invoked.

arguments - Argument scope for the BIF.

Returns:

The sanitized HTML string.

Throws:

ortus.boxlang.runtime.types.exceptions.BoxRuntimeException - If the policy does not exist.