
2 Usage - Reference Documentation

Authors: Sudhir Nimavat

Version: 0.1

2 Usage

The plugin adds a cleanHtml(String unsafe, String whitelist) method to every controller. Use it to clean and sanitize untrusted, user-entered HTML against the given whitelist. See Whitelist for details on whitelists.

cleanHtml()

Let's say you have a form with a text area, but you don't want to allow any HTML. You can clean the user-supplied text with the none whitelist, and it will strip out all the HTML.

class FooController {

    def save = {
        String cleaned = cleanHtml(params.textArea, 'none')
    }
}

To allow basic HTML, use the basic whitelist:

def cleaned = cleanHtml(unsafe, 'basic')

The following whitelists are available by default and do not need any configuration.

  • none
  • simpleText
  • basic
  • basicWithImages
  • relaxed

htmlCleaner bean

The plugin makes a Spring bean named htmlCleaner available. htmlCleaner provides a cleanHtml() method with the same signature as the dynamic method available in controllers.

Using htmlCleaner inside a service

class FooService {

    // Injected by Spring; the htmlCleaner bean is provided by the plugin
    def htmlCleaner

    def foo(String unsafe) {
        String cleaned = htmlCleaner.cleanHtml(unsafe, 'none')
    }
}
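A per-field whitelist policy built on the htmlCleaner bean, as an added example that is not part of the plugin's own documentation. The service name, field names and policy map are hypothetical; only cleanHtml(String, String) and the default whitelist names come from this page.

```groovy
// Added example: sanitize submitted fields according to a fixed policy.
// CommentSanitizerService, FIELD_WHITELISTS and the field names are hypothetical.
class CommentSanitizerService {

    // Injected by Spring; the htmlCleaner bean is provided by the plugin
    def htmlCleaner

    // Each accepted field is mapped to the least permissive default whitelist
    // that still covers what the field is meant to display.
    static final Map<String, String> FIELD_WHITELISTS = [
        title  : 'none',        // plain text only
        summary: 'simpleText',
        body   : 'basic'
    ]

    /**
     * Returns a new map holding only the fields named in the policy,
     * each cleaned against its own whitelist. Fields that are not in
     * the policy are dropped instead of being passed through unsanitized.
     */
    Map<String, String> sanitize(Map input) {
        Map<String, String> cleaned = [:]
        FIELD_WHITELISTS.each { String field, String whitelist ->
            def raw = input[field]
            // Assumption: the page does not say how cleanHtml treats null,
            // so absent values are skipped. Non-string values (for example a
            // repeated request parameter arriving as String[]) are skipped too,
            // rather than being stringified and stored.
            if (raw instanceof CharSequence) {
                cleaned[field] = htmlCleaner.cleanHtml(raw.toString(), whitelist)
            }
        }
        return cleaned
    }
}
```

A controller action can pass params to sanitize() and bind the returned map to the domain object, so that only policy-listed, cleaned values are stored.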

<hc:cleanHtml /> tag

Example

<hc:cleanHtml unsafe="${domainInstance.description}" whitelist="basic"/>