假设,我有一些字段,我想只允许一些基本的HTML,如粗体或段落甚至链接:
@SafeHtml(whitelistType = SafeHtml.WhiteListType.BASIC, message = Constants.HTML_IS_NOT_ALLOWED)
private String body;
hibernate文档接下来说明基本白名单:
/**
* This whitelist allows a fuller range of text nodes:
* <code>a, b, blockquote, br, cite, code, dd, dl, dt, em, i, li, ol, p, pre, q, small, strike, strong, sub, sup, u, ul</code>
* , and appropriate attributes.
* <p/>
* Links (<code>a</code> elements) can point to <code>http, https, ftp, mailto</code>, and have an enforced
* <code>rel=nofollow</code> attribute.
* <p/>
* Does not allow images.
*/
根据它,验证器应允许链接nofollow属性,例如
<a href="http://stackoverflow.com/" rel="nofollow">stackoverflow</a>
但验证仍然失败,为什么?