You know that SimpleHtmlSanitizer.java only accepts the following markup ("b", "em", "i", "h1", "h2", "h3", "h4", "h5", "h6", "hr", "ul", "ol", "li"). It is good but I want "u", "sub", "a href=" & don't want "hr", "ul", "ol", "li". So I need to modify this class.當修改SimpleHtmlSanitizer.java,如何處理<a href=> (Gwt)?
Now look at the SimpleHtmlSanitizer.java (https://code.google.com/p/google-web-toolkit/source/browse/trunk/user/src/com/google/gwt/safehtml/shared/SimpleHtmlSanitizer.java?r=8653)&看看這條線在該類:
Arrays.asList("b", "em", "i", "h1", "h2", "h3", "h4", "h5", "h6", "hr", "ul", "ol", "li"));
你可以猜測,我們可以把我們的希望清單到該行代碼的權利。所以我將它修改爲:
Arrays.asList("b","i", "u", "h1", "h2", "h3", "h4","a href="));
除了「a href =」,該列表中的每個標記都可以正常工作。例如,當我把字符串Test <a href="car.com"><hr>hello</a>
它沒有顯示正確的輸出。正確的輸出應該有超鏈接字符串<hr>hello
。
因此,如何在<a href=
考慮到make-href可能以不安全的方式使用,所以您必須清理url。試試'test' - 如果你看到一個警告彈出窗口,你沒有正確地阻止在你的應用中運行任意的(和不安全的!)JavaScript。這只是一個例子,還有其他一些情況,請查看UriUtils的URL清理。 – 2013-05-04 19:29:08