Products Downloads


French version


 

This function is used to sanitize an HTML code so that only certain tags or attributes are authorized and all dynamic content is removed.

It enables the "sanitizers" provided as standard by the OWASP project Java HTML Sanitizer to be used.

 

Context

  • Java client
  • Adelia Web client
  • Adelia Cloud client
  • Java server

Parameters

ALPHA(n)

Sanitizers

List of authorized sanitizers separated by commas. A list of predefined sanitizer names (sanitizers) is provided by OWASP:

FORMATTING

Authorizes the common formatting elements (<b>,  <i>...).

BLOCKS

Authorizes the common block types (<p>, <h1>-<h6>...).

IMAGES

Authorizes the image tags (<img>).

LINKS

Authorizes the http, HTTPS and MAILTO links.

STYLES

Authorizes certain CSS properties in the style attribute (style=...).

TABLES

Authorizes the use of tables.

 

If *BLANK, only the formatting tags are authorized => the "FORMATTING" tag will be used.

ALPHA(n)

Source

HTML code to sanitize.

ALPHA(n)

Destination

Sanitized HTML code.

NUM_BIN_4

Length

Length of the destination variable.

BOOL

ReturnCode

Operation return code:

*TRUE if the operation was carried out correctly.

*FALSE if not.

If the error is that the output variable is too small to contain the result, the "Length" variable indicates the required length.
 


For example:

ALPHA(30000) Source
ALPHA(30000) Destination
 
Source = '<b>Test</b><a href="test">test</a>'
PhysicalServerName = 'SITE_PARIS'
DBName = '*DFT'
CALL_DLL 'VATOOLBX.DLL' 'VaToolBxJavaSanitizeHTML' 'FORMATTING' Source Destination 30000 ReturnCode
/* Destination = '<b>Test</b>'
CALL_DLL 'VATOOLBX.DLL' 'VaToolBxJavaSanitizeHTML' 'FORMATTING' Source Destination 30000 ReturnCode
/* Destination = '<b>Test</b>'

↑ Top of page

 

  • Aucune étiquette