import net.htmlparser.jericho.*; import java.util.*; /** * Provides facilities to sanitise HTML containing unwanted or invalid tags into clean HTML. *

* The sanitation process consists of the following steps: *

* Find all potential HTML tags in the input text. For each tag: *
- If it is one of the allowed tags * ( , , , , * <ol>, <ul>, <li>, <a>) then: *
 - If a matching end tag is required, check that the end tag exists and is correctly nested. If not, reject the tag. *
 - Check that the element is in a valid position (e.g. <li> elements must be inside <ul> or <ol> elements). If not, reject the element. *
 - Keep only the allowed attributes (id, class, href, target, title) and strip any others. *
 - Ensure all attributes are XHTML compliant (all values enclosed in double quotes and fully encoded) *
 - Ensure tags are XHTML compliant (convert to lower case and add closing slash to empty element tag, e.g.  ) *
 *
- If it is not one of the allowed tags or was rejected for any reason: *
 - If the method strips invalid markup, completely remove the tag or element from the output, * otherwise encode it so that it renders verbatim. *
 *
*
* If the formatWhiteSpace option is enabled: *
- Line breaks, being Carriage Return (U+000D) or Line Feed (U+000A) characters, and Form Feed characters (U+000C) * are converted to " ". CR/LF pairs are treated as a single line break. *
- Multiple consecutive spaces are converted so that every second space is converted to " " * while ensuring the last is always a normal space. *
- Tab characters (U+0009) are converted as if they were four consecutive spaces. *
*
Ensure all remainding text is fully encoded. *

*/ public class HTMLSanitiser { private HTMLSanitiser() {} // not instantiable // list of HTML elements that will be retained in the final output: private static final Set VALID_ELEMENT_NAMES=new HashSet(Arrays.asList(new String[] { HTMLElementName.BR, HTMLElementName.P, HTMLElementName.B, HTMLElementName.I, HTMLElementName.OL, HTMLElementName.UL, HTMLElementName.LI, HTMLElementName.A })); // list of HTML attributes that will be retained in the final output: private static final Set VALID_ATTRIBUTE_NAMES=new HashSet(Arrays.asList(new String[] { "id","class","href","target","title" })); private static final Object VALID_MARKER=new Object(); /** * Returns a sanitised version of the specified HTML, encoding any unwanted tags. *

* Calling this method is equivalent to {@link #encodeInvalidMarkup(String,boolean) encodeInvalidMarkup(pseudoHTML,false)}. *

Example:

* * * * *

Method call:	HTMLSanitiser.encodeInvalidMarkup("<P><u>Line 1</u>\n<b>Line 2</b>\n<script>doBadStuff()</script>")
Output:	<p><u>Line 1</u>\n<b>Line 2</b>\n<script>doBadStuff()</script></p>
Rendered output:	<u>Line 1</u> Line 2 <script>doBadStuff()</script>

* In this example: *

The  tag is kept and converted to lower case *
The optional end tag  is added *
The  element is kept *
The unwanted  and <script> elements are encoded so that they render verbatim *

* * @param pseudoHTML The potentially invalid HTML to sanitise. * @return a sanitised version of the specified HTML, encoding any unwanted tags. */ public static String encodeInvalidMarkup(String pseudoHTML) { return encodeInvalidMarkup(pseudoHTML,false); } /** * Returns a sanitised version of the specified HTML, encoding any unwanted tags. *

* Encoding unwanted and invalid tags results in them appearing verbatim in the rendered output, * helping to highlight the problem so that the source HTML can be fixed. *

* Specifying a value of true as an argument to the formatWhiteSpace parameter * results in the formatting of white space as described in the sanitisation process in the class description above. *

Example:

* * * * *

Method call:	HTMLSanitiser.encodeInvalidMarkup("<P><u>Line 1</u>\n<b>Line 2</b>\n<script>doBadStuff()</script>",true)
Output:	<p><u>Line   1</u><br /><b>Line   2</b><br /><script>doBadStuff()</script></p>
Rendered output:	<u>Line 1</u> Line 2 <script>doBadStuff()</script>

* In this example: *

The  tag is kept and converted to lower case *
The optional end tag  is added *
The  element is kept *
The unwanted  and <script> elements are encoded so that they render verbatim *
The line feed characters are converted to   elements *
Non-breaking spaces ( ) are added to ensure the multiple spaces are rendered as they appear in the input. *

* Calling this method is equivalent to {@link #stripInvalidMarkup(String,boolean) stripInvalidMarkup(pseudoHTML,false)}. *

Example:

* * * * *

Method call:	HTMLSanitiser.stripInvalidMarkup("<P><u>Line 1</u>\n<b>Line 2</b>\n<script>doBadStuff()</script>")
Output:	<p>Line 1\n<b>Line 2</b>\n</p>
Rendered output:	Line 1 Line 2

* In this example: *

The  tag is kept and converted to lower case *
The optional end tag  is added *
The  element is kept *
The unwanted  and <script> elements are stripped from the output *

* * @param pseudoHTML The potentially invalid HTML to sanitise. * @return a sanitised version of the specified HTML, stripping any unwanted tags. */ public static String stripInvalidMarkup(String pseudoHTML) { return stripInvalidMarkup(pseudoHTML,false); } /** * Returns a sanitised version of the specified HTML, stripping any unwanted tags. *

* Stripping unwanted and invalid tags is the preferred option if the output is for public consumption. *

* Specifying a value of true as an argument to the formatWhiteSpace parameter * results in the formatting of white space as described in the sanitisation process in the class description above. *

Example:

* * * * *

Method call:	HTMLSanitiser.stripInvalidMarkup("<P><u>Line 1</u>\n<b>Line 2</b>\n<script>doBadStuff()</script>",true)
Output:	<p>Line   1<br /><b>Line   2</b><br /></p>
Rendered output:	Line 1 Line 2

* In this example: *

The  tag is kept and converted to lower case *
The optional end tag  is added *
The  element is kept *
The unwanted  and <script> elements are stripped from the output *
The line feed characters are converted to   elements *
Non-breaking spaces ( ) are added to ensure the multiple spaces are rendered as they appear in the input. *

* * @param pseudoHTML The potentially invalid HTML to sanitise. * @param formatWhiteSpace Specifies whether white space should be marked up in the output. * @return a sanitised version of the specified HTML, stripping any unwanted tags. */ public static String stripInvalidMarkup(String pseudoHTML, boolean formatWhiteSpace) { return sanitise(pseudoHTML,formatWhiteSpace,true); } private static String sanitise(String pseudoHTML, boolean formatWhiteSpace, boolean stripInvalidElements) { Source source=new Source(pseudoHTML); source.fullSequentialParse(); OutputDocument outputDocument=new OutputDocument(source); List tags=source.getAllTags(); int pos=0; for (Tag tag : tags) { if (processTag(tag,outputDocument)) { tag.setUserData(VALID_MARKER); } else { if (!stripInvalidElements) continue; // element will be encoded along with surrounding text outputDocument.remove(tag); } reencodeTextSegment(source,outputDocument,pos,tag.getBegin(),formatWhiteSpace); pos=tag.getEnd(); } reencodeTextSegment(source,outputDocument,pos,source.getEnd(),formatWhiteSpace); return outputDocument.toString(); } private static boolean processTag(Tag tag, OutputDocument outputDocument) { String elementName=tag.getName(); if (!VALID_ELEMENT_NAMES.contains(elementName)) return false; if (tag.getTagType()==StartTagType.NORMAL) { Element element=tag.getElement(); if (HTMLElements.getEndTagRequiredElementNames().contains(elementName)) { if (element.getEndTag()==null) return false; // refect start tag if its required end tag is missing } else if (HTMLElements.getEndTagOptionalElementNames().contains(elementName)) { if (elementName==HTMLElementName.LI && !isValidLITag(tag)) return false; // reject invalid LI tags if (element.getEndTag()==null) outputDocument.insert(element.getEnd(),getEndTagHTML(elementName)); // insert optional end tag if it is missing } outputDocument.replace(tag,getStartTagHTML(element.getStartTag())); } else if (tag.getTagType()==EndTagType.NORMAL) { if (tag.getElement()==null) return false; // reject end tags that aren't associated with a start tag if (elementName==HTMLElementName.LI && !isValidLITag(tag)) return false; // reject invalid LI tags outputDocument.replace(tag,getEndTagHTML(elementName)); } else { return false; // reject abnormal tags } return true; } private static boolean isValidLITag(Tag tag) { Element parentElement=tag.getElement().getParentElement(); if (parentElement==null) return false; // ignore LI elements without a parent if (parentElement.getStartTag().getUserData()!=VALID_MARKER) return false; // ignore LI elements who's parent is not valid return parentElement.getName()==HTMLElementName.UL || parentElement.getName()==HTMLElementName.OL; // only accept LI tags who's immediate parent is UL or OL. } private static void reencodeTextSegment(Source source, OutputDocument outputDocument, int begin, int end, boolean formatWhiteSpace) { if (begin>=end) return; Segment textSegment=new Segment(source,begin,end); String decodedText=CharacterReference.decode(textSegment); String encodedText=formatWhiteSpace ? CharacterReference.encodeWithWhiteSpaceFormatting(decodedText) : CharacterReference.encode(decodedText); outputDocument.replace(textSegment,encodedText); } private static CharSequence getStartTagHTML(StartTag startTag) { // tidies and filters out non-approved attributes StringBuilder sb=new StringBuilder(); sb.append('<').append(startTag.getName()); for (Attribute attribute : startTag.getAttributes()) { if (VALID_ATTRIBUTE_NAMES.contains(attribute.getKey())) { sb.append(' ').append(attribute.getName()); if (attribute.getValue()!=null) { sb.append("=\""); sb.append(CharacterReference.encode(attribute.getValue())); sb.append('"'); } } } if (startTag.getElement().getEndTag()==null && !HTMLElements.getEndTagOptionalElementNames().contains(startTag.getName())) sb.append(" /"); sb.append('>'); return sb; } private static String getEndTagHTML(String tagName) { return "'; } ////////////////////////////////////////////////////////////////////////////////////// // THE METHODS BELOW ARE USED ONLY FOR DEMONSTRATING THE FUNCTIONALITY OF THE CLASS // ////////////////////////////////////////////////////////////////////////////////////// // See test/src/samples/HTMLSanitiserTest.java for a comprehensive test suite. public static void main(String[] args) throws Exception { System.out.println("Examples of HTMLSanitiser.encodeInvalidMarkup:"); System.out.println("----------------------------------------------\n"); displayEncodeInvalidMarkup("ab & c","encode text"); displayEncodeInvalidMarkup("abc def geh"," element not allowed"); displayEncodeInvalidMarkup("

abc","add optional end tag"); displayEncodeInvalidMarkup("","remove potentially dangerous script"); displayEncodeInvalidMarkup("

abc

","keep approved attributes but strip non-approved attributes"); displayEncodeInvalidMarkup("

abc

","tidy up attributes to make them XHTML compliant"); displayEncodeInvalidMarkup("List:

","inserts optional end tags"); System.out.println("Examples of HTMLSanitiser.stripInvalidMarkup:"); System.out.println("---------------------------------------------\n"); displayStripInvalidMarkup("ab & c","encode text"); displayStripInvalidMarkup("abc def geh"," element not allowed"); displayStripInvalidMarkup("

abc","add optional end tag"); displayStripInvalidMarkup("","remove potentially dangerous script"); displayStripInvalidMarkup("

abc

","keep approved attributes but strip non-approved attributes"); displayStripInvalidMarkup("

abc

","tidy up attributes to make them XHTML compliant"); displayStripInvalidMarkup("List:

","inserts optional end tags"); displayStripInvalidMarkup("List:

C","missing required

is invalid as it is not directly under