imchikachirag / force-dot-com-esapi

Automatically exported from code.google.com/p/force-dot-com-esapi

Suggest to include method "stripHTML" #9

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Enhancement:

It would be useful if the ESAPI would provide a method for converting a string 
that might contain HTML tags into a text-only string. That could be used to 
sanitize a string in order to prevent XSS.

Original issue reported on code.google.com by sascha.k...@gmail.com on 11 Feb 2013 at 4:32

GoogleCodeExporter commented 8 years ago

Original comment by apex.es...@gmail.com on 11 Feb 2013 at 7:18

GoogleCodeExporter commented 8 years ago
What about http://force-dot-com-esapi.googlecode.com/svn/trunk/doc/SFDCEncoder.html#SFDC_HTMLENCODE(String) ?

Original comment by apex.es...@gmail.com on 11 Feb 2013 at 7:26

GoogleCodeExporter commented 8 years ago
Proposed code

    global static String stripHtml(String dirtyString) {
        String cleanString = dirtyString;
        // remove all HTML tags
        cleanString = cleanString.replaceAll('<[^>]+>',' ');
        return cleanString;
    }

Original comment by sascha.k...@gmail.com on 12 Feb 2013 at 4:04
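The pattern proposed above removes complete tags, which is what it is written to do. The reason the SFDC_HTMLENCODE suggestion earlier in the thread is the actual XSS defense is that tag stripping is blind to the context the string ends up in, while entity encoding is not. The following is an added example and not code from this issue or from the force-dot-com-esapi project: it re-implements the proposed `<[^>]+>` pattern in Python (Apex replaceAll takes Java regex syntax, in which this pattern behaves the same), feeds it two constructed payloads, and contrasts it with entity encoding using Python's html.escape, which stands in for an encoder such as SFDC_HTMLENCODE (identical output from the Apex method is not claimed). The render_* templates and first_tag_text are hypothetical helpers written for the demonstration.

```python
import html
import re

# The regex from the proposal, transplanted from Apex to Python.
TAG_RE = re.compile(r'<[^>]+>')


def strip_html(dirty: str) -> str:
    """Replace every complete tag with a space, exactly as the proposal does."""
    return TAG_RE.sub(' ', dirty)


def html_encode(value: str) -> str:
    """Entity-encode & < > " and '.  Stands in for an ESAPI-style HTML encoder;
    the approach (encode, never strip) is the point, not byte-identical output."""
    return html.escape(value, quote=True)


def render_element_body(value: str) -> str:
    """Hypothetical template: the value lands between tags."""
    return '<div class="comment">' + value + '</div>'


def render_attribute(value: str) -> str:
    """Hypothetical template: the value lands inside a double-quoted attribute."""
    return '<input type="text" value="' + value + '">'


def first_tag_text(rendered: str, name: str):
    """Crude model of the HTML tokenizer: once '<name' is seen, everything up to
    the next '>' belongs to that start tag, including any following markup."""
    start = rendered.find('<' + name)
    if start == -1:
        return None
    end = rendered.find('>', start)
    return rendered[start:end + 1] if end != -1 else None


# Constructed payloads (not taken from the issue).
UNTERMINATED_TAG = '<img src=x onerror=alert(1)'       # no closing '>'
ATTRIBUTE_BREAKOUT = '" autofocus onfocus="alert(1)'   # contains no '<' at all
PLAIN_MARKUP = 'Hello <b>world</b><script>alert(1)</script>'


def demo() -> dict:
    results = {}
    # 1. Only *complete* tags match.  An unterminated tag survives stripping, and
    #    in the page the '>' of the template's own </div> completes it.
    results['unterminated_stripped'] = strip_html(UNTERMINATED_TAG)
    results['unterminated_tag'] = first_tag_text(
        render_element_body(strip_html(UNTERMINATED_TAG)), 'img')
    # 2. In attribute context stripping is a no-op: the payload needs no '<'.
    results['attr_stripped'] = strip_html(ATTRIBUTE_BREAKOUT)
    results['attr_rendered'] = render_attribute(strip_html(ATTRIBUTE_BREAKOUT))
    # 3. Encoding neutralises both without having to decide what a tag is.
    results['unterminated_encoded'] = render_element_body(html_encode(UNTERMINATED_TAG))
    results['unterminated_encoded_tag'] = first_tag_text(
        results['unterminated_encoded'], 'img')
    results['attr_encoded'] = render_attribute(html_encode(ATTRIBUTE_BREAKOUT))
    # 4. For well-formed markup the regex does what the proposal says.
    results['plain_stripped'] = strip_html(PLAIN_MARKUP)
    return results


if __name__ == '__main__':
    for key, value in demo().items():
        print(f'{key:26} {value!r}')
```

Stripping has a legitimate use (producing plain text for display or search); as an XSS control it fails on the two inputs above while encoding handles both, because encoding is applied to the characters that are special in the output context rather than to a guess about what a browser will treat as a tag.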

GoogleCodeExporter commented 8 years ago
This enhancement is no longer needed since the base String class now has a stripHtmlTags method:
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_System_String_stripHtmlTags.htm

Original comment by shadowsi...@gmail.com on 23 Dec 2013 at 4:23