Lucee object methods reference
Object Method String.sanitizeHTML
Sanitizes untrusted HTML input, removing unsafe elements and attributes such as script (JavaScript) elements and event-handler attributes like onclick.
See also https://github.com/OWASP/java-html-sanitizer
String.sanitizeHTML([any policy]):string
Category
ESAPI,HTML
Arguments
The arguments for this function are fixed; no arguments other than the following ones are accepted.
Name | Type | Required | Description
---|---|---|---
policy | any | No | Either an org.owasp.html.PolicyFactory or a String naming built-in Sanitizers. If omitted, all of the built-in policies are applied. The built-in Sanitizers are:
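The following cfscript block is an added usage example and is not part of the Lucee documentation or the Lucee project's own code. It calls the member function in both forms the signature allows: with no argument (all built-in policies applied, as stated above) and with an explicit org.owasp.html.PolicyFactory built from the OWASP java-html-sanitizer. It assumes that the library's org.owasp.html.Sanitizers class (with its FORMATTING and BLOCKS policies and the and() combinator) is loadable from Lucee; the untrusted input string and the assertSanitized() helper are constructed for this example.

```cfml
<cfscript>
// Constructed sample of untrusted markup (for example a submitted comment body);
// this input is an example and does not come from the documentation page.
untrusted = '<p onclick="alert(1)">Hello <b>world</b></p>'
          & '<script>document.cookie</script>'
          & '<a href="javascript:alert(2)">link</a>';

// 1. No policy argument: Lucee applies all of its built-in sanitizer policies.
//    The <script> element, the onclick handler and the javascript: URL are removed.
cleanedDefault = untrusted.sanitizeHTML();

// 2. An explicit org.owasp.html.PolicyFactory from the OWASP java-html-sanitizer.
//    Assumption: org.owasp.html.Sanitizers is available to Lucee, since the function
//    builds on that library. FORMATTING plus BLOCKS keeps inline formatting and block
//    elements such as <p>; the <a> element is dropped because LINKS is not included.
Sanitizers   = createObject("java", "org.owasp.html.Sanitizers");
strictPolicy = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS);
cleanedStrict = untrusted.sanitizeHTML(strictPolicy);

// 3. Defence-in-depth check (constructed helper): before storing or rendering the
//    result, confirm that none of the markers we care about survived sanitization.
function assertSanitized(required string html) {
    if (findNoCase("<script", arguments.html)
        || findNoCase("onclick", arguments.html)
        || findNoCase("javascript:", arguments.html)) {
        throw(type="SanitizerCheckFailed", message="Unsafe markup survived sanitization");
    }
    return true;
}
assertSanitized(cleanedDefault);
assertSanitized(cleanedStrict);

// Show the sanitized markup as source text rather than rendering it.
writeOutput(encodeForHTML(cleanedDefault) & "<br>");
writeOutput(encodeForHTML(cleanedStrict));
</cfscript>
```

The explicit PolicyFactory form is the one to prefer when the application only needs a narrow subset of HTML, because an allow-list of elements is easier to review than the union of all built-in policies; the no-argument form is convenient but admits everything any built-in policy permits.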