String html = "<video width='320' height='240' controls autoplay> <source src='movie.ogg' type='video/ogg'> <source src='movie.mp4' type='video/mp4'> <object data='movie.mp4' width='320' height='240'> <embed width='320' height='240' src='movie.swf'> </object></video><canvas id='myCanvas' width='200' height='100' style='border:1px solid #000000;'>Your browser does not support the HTML5 canvas tag.</canvas><article> <header> <h1>Internet Explorer 9</h1> <p><time pubdate datetime='2011-03-15'></time></p> </header> <p>Windows Internet Explorer 9 (abbreviated as IE9) was released to the public on March 14, 2011 at 21:00 PDT.....</p></article><footer> <p>Posted by: Hege Refsnes</p> <p>Contact information: <a href='mailto:someone@example.com'> someone@example.com</a>.</p></footer> <nav> <a href='/html/'>HTML</a> | <a href='/css/'>CSS</a> | <a href='/js/'>JavaScript</a> | <a href='/jquery/'>jQuery</a></nav> <section> <h1>WWF</h1> <p>The World Wide Fund for Nature (WWF) is....</p></section><datalist id='browsers'> <option value='Internet Explorer'> <option value='Firefox'> <option value='Chrome'> <option value='Opera'> <option value='Safari'></datalist> <audio controls> <source src='horse.ogg' type='audio/ogg'> <source src='horse.mp3' type='audio/mpeg'>Your browser does not support the audio element.</audio> <progress value='22' max='100'>teasdklfjashdfjkl</progress> ";
String toDoRemoveTAG = "style,img,script,noscript,hr,input";
String allowTagList = "p,span,b,i,u,div,br,a";
Document doc = Jsoup.parse(html);
Elements els = doc.select(toDoRemoveTAG);
for (Element e : els)
{
e.remove();
}
Whitelist whitelist = new Whitelist();
whitelist.addTags(allowTagList.split(","));
whitelist.addAttributes("a", "href");
Cleaner cleaner = new Cleaner(whitelist);
doc = cleaner.clean(doc);
System.out.println(doc.select("body").html());
我使用上面的程序只允许列入白名单的标签并删除其他标签(甚至删除剥离的文本)。我想知道是否有任何API或OOTB解决方案实现相同,我只需要传递白名单标签和功能将删除其他标签
我不想像我那样手动执行此操作。
Elements els = doc.select(toDoRemoveTAG);
for (Element e : els)
{
e.remove();
}
答案 0 :(得分:2)
您可以将jsoup HTML Cleaner与白名单指定的配置一起使用。
String unsafe = "<p><a href='http://example.com/' onclick='stealCookies()'>Link</a></p>";
String safe = Jsoup.clean(unsafe, Whitelist.basic());
// now: <p><a href="http://example.com/" rel="nofollow">Link</a></p>
答案 1 :(得分:1)
我们是否可以否定toDoRemoveTAG,然后使用它构建白名单并进行清理?我的意思是从文档中获取所有标记,然后通过删除toDoRemoveTAG中的所有标记和属性来构建白名单。
我的意思是这样的。
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Attribute;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.safety.Cleaner;
import org.jsoup.safety.Whitelist;
import org.jsoup.select.Collector;
import org.jsoup.select.Evaluator;
public class MatrixMultiplication {
public static void main(String[] args) throws Exception {
String html = "<video width='320' height='240' controls autoplay> <source src='movie.ogg' type='video/ogg'> "
+ "<source src='movie.mp4' type='video/mp4'> <object data='movie.mp4' width='320' height='240'> "
+ "<embed width='320' height='240' src='movie.swf'> </object></video>"
+ "<canvas id='myCanvas' width='200' height='100' style='border:1px solid #000000;'>"
+ "Your browser does not support the HTML5 canvas tag.</canvas><article> <header> "
+ "<h1>Internet Explorer 9</h1> <p><time pubdate datetime='2011-03-15'></time></p> "
+ "</header> <p>Windows Internet Explorer 9 (abbreviated as IE9) was released to the public on March 14, 2011 at 21:00 PDT.....</p>"
+ "</article><footer> <p>Posted by: Hege Refsnes</p> <p>Contact information: <a href='mailto:someone@example.com'> someone@example.com</a>.</p>"
+ "</footer> <nav> <a href='/html/'>HTML</a> | <a href='/css/'>CSS</a> | <a href='/js/'>JavaScript</a> | "
+ "<a href='/jquery/'>jQuery</a></nav> <section> <h1>WWF</h1> <p>The World Wide Fund for Nature (WWF) is....</p></section><datalist id='browsers'>"
+ " <option value='Internet Explorer'> <option value='Firefox'> <option value='Chrome'> <option value='Opera'> <option value='Safari'></datalist>"
+ " <audio controls> <source src='horse.ogg' type='audio/ogg'> <source src='horse.mp3' type='audio/mpeg'>Your browser does not support the audio element.</audio>"
+ " <progress value='22' max='100'>teasdklfjashdfjkl</progress> ";
String toDoRemoveTAG = "style,img,script,noscript,hr,input";
String allowTagList = "p,span,b,i,u,div,br,a";
Document doc = Jsoup.parse(html);
Whitelist whitelist = buildWhiteList(doc, Arrays.asList(toDoRemoveTAG.toUpperCase().split(",")));
Cleaner cleaner = new Cleaner(whitelist);
doc = cleaner.clean(doc);
System.out.println(doc.select("body").html());
}
private static Whitelist buildWhiteList(Document doc, List<String> toDoRemoveTAG) throws InstantiationException, IllegalAccessException {
Whitelist whitelist = new Whitelist();
Set<String> allowedTags = new HashSet<String>();
Map<String, Set<String>> allowedAttributes = new HashMap<String, Set<String>>();
for(Element e : Collector.collect(Evaluator.AllElements.class.newInstance(), doc)){
if(!toDoRemoveTAG.contains(e.tagName().toUpperCase())){
allowedTags.add(e.tagName());
for(Attribute attr : e.attributes()){
if(!toDoRemoveTAG.contains(attr.getKey().toUpperCase())){
if(allowedAttributes.containsKey(e.tagName())){
allowedAttributes.get(e.tagName()).add(attr.getKey());
} else {
allowedAttributes.put(e.tagName(), new HashSet<String>() {{ add(attr.getKey()); }});
}
}
}
}
}
whitelist.addTags(allowedTags.toArray(new String[allowedTags.size()]));
for(Entry<String, Set<String>> e : allowedAttributes.entrySet()){
whitelist.addAttributes(e.getKey(), e.getValue().toArray(new String[e.getValue().size()]));
}
return whitelist;
}
}