Description
Allows you to specify the tags allowed in certain content as well as whether links are allowed.
Availabilty
Available as of blojsom 2.27.
Installation and Setup
In your /WEB-INF/classes/blojsom-plugins.xml file, add the following:
<bean id="xss-filter" class="org.blojsom.plugin.filter.XSSFilterPlugin" init-method="init" destroy-method="destroy">
<property name="eventBroadcaster">
<ref bean="eventBroadcaster"/>
</property>
</bean>
If you would like to output the configurable set of tags and whether or not links are allowed in your template files, you may then add "xss-filter" to one of the flavor-based plugin chains.
The following properties can be set from Weblog Settings | Properties | Set Property
| Property |
Default Value |
Description |
| plugin-xss-filter-allowed-balanced-tags |
b, i, blockquote, pre, ul, ol, li |
A comma-separated list of tags (balanced meaning there is a start and end tag) that you would like to allow. |
| plugin-xss-filter-allowed-unbalanced-tags |
br |
A comma-separated list of tags (unbalanced meaning there only a single tag) that you would like to allow. |
| plugin-xss-filter-allow-links |
true |
true or false indicates whether or not you would like to allow <a href="...">some site</a> links. |
| plugin-xss-filter-process-entries |
false |
true or false indicates whether or not you want the XSS filter to process blog entry text. |
Context Attributes and Types
The following table describes the context attributes that are available and their associated type.
| Context key |
Type |
Description |
| XSS_FILTER_ALLOWED_BALANCED_TAGS |
String[] |
Array of strings containing the list of allowed balanced tags. |
| XSS_FILTER_ALLOWED_UNBALANCED_TAGS |
String[] |
Array of strings containing the list of allowed unbalanced tags. |
| XSS_FILTER_ALLOW_LINKS |
Boolean |
Boolean value indicating whether or not links are allowed. |
Usage
