Reputation: 11645
customizing the Antisamy policy xml to allow more html and grails tags
I am using the sanitizer plugin in grails and it internally uses the antisamy policy xml to apply sanitization rules to ui input. The policy xml I have selected is antisamy-myspace.xml which filters javascript tags and code and the < html > and < body > and < head > tags.
The problem is its also rejecting some grails tags particularly the following 2:
1) <g:formatDate date="${frmDateStr}" format="EEE, MMMM dd, yyyy"/>
2) <g:each in="${resourcelist}" var="resourceid"> some content here..</g:each>
These two tags do not pass the validation, I need to make them pass or allowable through the validator, also I want to allow the < html > and < body > and < head > tags.
How do I modify the antisamy policy file to allow these tags?\ Thanks in Advance
Upvotes: 1
Views: 2514
Answers (1)
Reputation: 749
Have a look at the antisamy-anythinggoes sanitizer policy file, and then just trace all the bits for an known tag. From a quick browse, it looks like you'll need entries in tag-rules, and make sure to specify the attributes. You will have to define the reg expressions to catch those values as well. More about Antisamy can be found [here].1
Upvotes: 0
Related Questions
- How to include all the elements in PolicyBuilder in OWASP Java HTML Sanitizer
- Configuring Content-Security-Policy header for grails 2.5 application
- Grails Prevent HTML modifications
- Tag that wraps another tag in grails?
- Grails custom tag out<<
- Custom Tag Library in grails not passing HTML tags out properly
- grails custom tag puts html tags as String literal
- New grails 2.3.7 app is ignoring <%= %>
- Gsp pages preserve html tags when replacing with string
- Escaping only specific tags in grails