jsoup whitelist (Safelist) filtering does not take effect
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

public class CleanHtmlDemo {
    public static String cleanHtml(String content) {
        // Start from an empty safelist
        Safelist whitelist = new Safelist();
        // Add the tags and attributes to keep
        whitelist.addTags("video");
        whitelist.addAttributes("video", "class", "style", "controls", "controlsList", "x5-video-player-fullscreen");
        // Strip every tag and attribute that is not in the safelist
        String cleanHtmlStr = Jsoup.clean(content, whitelist);
        // Post-process the output for display: strip newlines and spaces
        return cleanHtmlStr.replaceAll("\n", "")
                .replaceAll(" ", "");
    }

    public static void main(String[] args) {
        String strHTML = "222<video class=\"quill-upload-video 111\"  controlsList=\"true\"  style=\"max-width: 180px; height: auto\" ></video>";
        String cleanHtml = cleanHtml(strHTML);
        System.out.println(cleanHtml);
    }
}
The safelist entry does not take effect, so controlsList is still stripped. The reason is that org.jsoup.safety.Cleaner#createSafeElement calls the following method:
protected boolean isSafeAttribute(String tagName, Element el, Attribute attr) {
        TagName tag = TagName.valueOf(tagName);
        AttributeKey key = AttributeKey.valueOf(attr.getKey());
        Set<AttributeKey> okSet = attributes.get(tag);
        if (okSet != null && okSet.contains(key)) {
            if (protocols.containsKey(tag)) {
                Map<AttributeKey, Set<Protocol>> attrProts = protocols.get(tag);
                // ok if not defined protocol; otherwise test
                return !attrProts.containsKey(key) || testValidProtocol(el, attr, attrProts.get(key));
            } else { // attribute found, no protocols defined, so OK
                return true;
            }
        }
        // might be an enforced attribute?
        Map<AttributeKey, AttributeValue> enforcedSet = enforcedAttributes.get(tag);
        if (enforcedSet != null) {
            Attributes expect = getEnforcedAttributes(tagName);
            String attrKey = attr.getKey();
            if (expect.hasKeyIgnoreCase(attrKey)) {
                return expect.getIgnoreCase(attrKey).equals(attr.getValue());
            }
        }
        // no attributes defined for tag, try :all tag
        return !tagName.equals(":all") && isSafeAttribute(":all", el, attr);
    }
In the old version, the key is not lower-cased: AttributeKey.valueOf(attr.getKey());

As a result, the check if (okSet != null && okSet.contains(key)) does not match.
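A check for this behaviour, as an added example that is not part of the original post or of jsoup itself: it registers the attribute once as controlsList and once as controlslist and reports which spelling survives Jsoup.clean on the jsoup build on the classpath. The class and helper names (SafelistCaseCheck, videoSafelist, survives) are hypothetical; it relies on the default HTML parser lower-casing attribute names, which is why the lower-case spelling is the one to look for in the output.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Element;
import org.jsoup.safety.Safelist;

public class SafelistCaseCheck {
    // Constructed sample input, same shape as the test string in the post.
    static final String INPUT =
        "222<video class=\"quill-upload-video 111\" controlsList=\"true\" "
        + "style=\"max-width: 180px; height: auto\"></video>";

    // Build an otherwise empty safelist that allows <video> with the given attributes.
    static Safelist videoSafelist(String... attrs) {
        return new Safelist().addTags("video").addAttributes("video", attrs);
    }

    // Clean INPUT with the safelist, re-parse the result and report whether
    // the <video> element still carries the attribute (lower-case name).
    static boolean survives(Safelist safelist, String attrLower) {
        String cleaned = Jsoup.clean(INPUT, safelist);
        Element video = Jsoup.parseBodyFragment(cleaned).selectFirst("video");
        return video != null && video.hasAttr(attrLower);
    }

    public static void main(String[] args) {
        // Show the attribute names as the Cleaner sees them: the default HTML
        // parser has already lower-cased controlsList at this point.
        Element parsed = Jsoup.parseBodyFragment(INPUT).selectFirst("video");
        System.out.println("parsed attributes:" + parsed.attributes());

        boolean mixed = survives(videoSafelist("class", "style", "controlsList"), "controlslist");
        boolean lower = survives(videoSafelist("class", "style", "controlslist"), "controlslist");
        System.out.println("safelisted as controlsList -> kept: " + mixed);
        System.out.println("safelisted as controlslist -> kept: " + lower);

        if (lower && !mixed) {
            // Safelist keys are compared case-sensitively on this build.
            System.out.println("Register attribute names in lower case on this jsoup version.");
        }
    }
}
```

The mismatch fails closed: the attribute is dropped, nothing extra is let through. The opposite mistake to avoid is loosening the safelist (for example with a broad ":all" entry) to get the attribute back.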


 
 
                
            
         