How to remove all tag except witelisted tag JSOUP

Question

String html = "<video width='320' height='240' controls autoplay> <source src='movie.ogg' type='video/ogg'> <source src='movie.mp4' type='video/mp4'> <object data='movie.mp4' width='320' height='240'> <embed width='320' height='240' src='movie.swf'> </object></video><canvas id='myCanvas' width='200' height='100' style='border:1px solid #000000;'>Your browser does not support the HTML5 canvas tag.</canvas><article> <header> <h1>Internet Explorer 9</h1> <p><time pubdate datetime='2011-03-15'></time></p> </header> <p>Windows Internet Explorer 9 (abbreviated as IE9) was released to the public on March 14, 2011 at 21:00 PDT.....</p></article><footer> <p>Posted by: Hege Refsnes</p> <p>Contact information: <a href='mailto:someone@example.com'> someone@example.com</a>.</p></footer> <nav> <a href='/html/'>HTML</a> | <a href='/css/'>CSS</a> | <a href='/js/'>JavaScript</a> | <a href='/jquery/'>jQuery</a></nav> <section> <h1>WWF</h1> <p>The World Wide Fund for Nature (WWF) is....</p></section><datalist id='browsers'> <option value='Internet Explorer'> <option value='Firefox'> <option value='Chrome'> <option value='Opera'> <option value='Safari'></datalist> <audio controls> <source src='horse.ogg' type='audio/ogg'> <source src='horse.mp3' type='audio/mpeg'>Your browser does not support the audio element.</audio> <progress value='22' max='100'>teasdklfjashdfjkl</progress> ";
        String toDoRemoveTAG = "style,img,script,noscript,hr,input";
        String allowTagList = "p,span,b,i,u,div,br,a";
        Document doc = Jsoup.parse(html);
        Elements els = doc.select(toDoRemoveTAG);
        for (Element e : els)
        {
            e.remove();
        }

        Whitelist whitelist = new Whitelist();
        whitelist.addTags(allowTagList.split(","));
        whitelist.addAttributes("a", "href");
        Cleaner cleaner = new Cleaner(whitelist);
        doc = cleaner.clean(doc);

        System.out.println(doc.select("body").html());

I am using above program to only allow whitelisted tag and remove other tags(even remove stripped text). I want to know is there any API or OOTB solution to achieve the same, where I just need to pass whitelisted tag and function will remove other tags

I do not want to do this manually like I did.

Elements els = doc.select(toDoRemoveTAG);
for (Element e : els)
{
  e.remove();
}

Answer 1

Cant we negate the toDoRemoveTAG and then construct a whitelist with that and do cleaning? I mean get all tag from the document then construct a whitelist by removing all tags and attributes in toDoRemoveTAG.

I meant something like this.

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Attribute;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.safety.Cleaner;
import org.jsoup.safety.Whitelist;
import org.jsoup.select.Collector;
import org.jsoup.select.Evaluator;

public class MatrixMultiplication {

    public static void main(String[] args) throws Exception {

        String html = "<video width='320' height='240' controls autoplay> <source src='movie.ogg' type='video/ogg'> "
                + "<source src='movie.mp4' type='video/mp4'> <object data='movie.mp4' width='320' height='240'> "
                + "<embed width='320' height='240' src='movie.swf'> </object></video>"
                + "<canvas id='myCanvas' width='200' height='100' style='border:1px solid #000000;'>"
                + "Your browser does not support the HTML5 canvas tag.</canvas><article> <header> "
                + "<h1>Internet Explorer 9</h1> <p><time pubdate datetime='2011-03-15'></time></p> "
                + "</header> <p>Windows Internet Explorer 9 (abbreviated as IE9) was released to the public on March 14, 2011 at 21:00 PDT.....</p>"
                + "</article><footer> <p>Posted by: Hege Refsnes</p> <p>Contact information: <a href='mailto:someone@example.com'> someone@example.com</a>.</p>"
                + "</footer> <nav> <a href='/html/'>HTML</a> | <a href='/css/'>CSS</a> | <a href='/js/'>JavaScript</a> | "
                + "<a href='/jquery/'>jQuery</a></nav> <section> <h1>WWF</h1> <p>The World Wide Fund for Nature (WWF) is....</p></section><datalist id='browsers'>"
                + " <option value='Internet Explorer'> <option value='Firefox'> <option value='Chrome'> <option value='Opera'> <option value='Safari'></datalist>"
                + " <audio controls> <source src='horse.ogg' type='audio/ogg'> <source src='horse.mp3' type='audio/mpeg'>Your browser does not support the audio element.</audio>"
                + " <progress value='22' max='100'>teasdklfjashdfjkl</progress> ";

        String toDoRemoveTAG = "style,img,script,noscript,hr,input";
        String allowTagList = "p,span,b,i,u,div,br,a";
        Document doc = Jsoup.parse(html);

        Whitelist whitelist = buildWhiteList(doc, Arrays.asList(toDoRemoveTAG.toUpperCase().split(",")));
        Cleaner cleaner = new Cleaner(whitelist);
        doc = cleaner.clean(doc);
        System.out.println(doc.select("body").html());
    }

    private static Whitelist buildWhiteList(Document doc, List<String> toDoRemoveTAG) throws InstantiationException, IllegalAccessException {
        Whitelist whitelist = new Whitelist();
        Set<String> allowedTags = new HashSet<String>();
        Map<String, Set<String>> allowedAttributes = new HashMap<String, Set<String>>();

        for(Element e : Collector.collect(Evaluator.AllElements.class.newInstance(), doc)){

            if(!toDoRemoveTAG.contains(e.tagName().toUpperCase())){
                allowedTags.add(e.tagName());
                for(Attribute attr : e.attributes()){
                    if(!toDoRemoveTAG.contains(attr.getKey().toUpperCase())){
                        if(allowedAttributes.containsKey(e.tagName())){
                            allowedAttributes.get(e.tagName()).add(attr.getKey());
                        } else {
                            allowedAttributes.put(e.tagName(), new HashSet<String>() {{ add(attr.getKey()); }});
                        }
                    }
                }
            }
        }
        whitelist.addTags(allowedTags.toArray(new String[allowedTags.size()]));
        for(Entry<String, Set<String>> e :  allowedAttributes.entrySet()){
            whitelist.addAttributes(e.getKey(), e.getValue().toArray(new String[e.getValue().size()]));
        }
        return whitelist;
    }

}

Answer 2

you can use the jsoup HTML Cleaner with a configuration specified by a Whitelist.

String unsafe =  "<p><a href='http://example.com/' onclick='stealCookies()'>Link</a></p>";
String safe = Jsoup.clean(unsafe, Whitelist.basic());
// now: <p><a href="http://example.com/" rel="nofollow">Link</a></p>