Skip navigation
Gary__F
Gary__F Calculating status...
Currently Being Moderated

How to create a Java array for use with jsoup addAttributes() ?

Feb 2, 2013 4:56 PM

Tags: #java #coldfusion #jsoup

Hi. Has anyone used jsoup for cleaning up user-submitted HTML?

 

When I ask jsoup to add some extra attributes to its whitelist I get this error: "The addAttributes method was not found."

 

The addAttributes() method requires an array. I tried using a CF array, a Java array, and even a string, but nothing worked.

 

I'm using CF8. My test code is:

 

<cfset jsoup = createObject("java","org.jsoup.Jsoup")>
<cfset whitelist = CreateObject("java", "org.jsoup.safety.Whitelist")>
<cfset html="<div style='font-size:24pt;'>This is BIG text</div>. This is an unwanted script: <script>alert('Boo!')</script>.<br>">
<cfset myAttribsArray=[":all","style"]>
<cfset myAttribsArray=javacast("string[]", myAttribsArray)>
<cfset sanitized = jsoup.clean(html, Whitelist.relaxed().addAttributes(myAttribsArray))>
<cfoutput>
<textarea rows="10" cols="60"> #HtmlEditFormat(sanitized)#</textarea>
</cfoutput>

 

The code works if I don't bother with addAttributes(), but I need to add the style attribute to the whitelist. Can anyone help please? Thanks.

 

The API reference for addAttributes() is here:
http://jsoup.org/apidocs/org/jsoup/safety/Whitelist.html#addAttributes

553 Views   5 Replies   Latest reply: Gary__F, Mar 29, 2013 1:51 PM
 
Replies
  • Dan Bracuk
    Currently Being Moderated
    1. Dan Bracuk,
    Feb 2, 2013 7:59 PM   in reply to Gary__F
    Report

    I looked at the reference you posted and did not see anything about the requirement for an array. 

     
    |
    Mark as:
  • Gary__F
    Currently Being Moderated
    2. Gary__F,
    Feb 3, 2013 2:18 AM   in reply to Dan Bracuk
    Report

    Hi Dan. The addTags() method doesn't say it needs to be an array either, but it will only work if it's supplied by CF as an array. I got that tip from a Stackoverflow answer I found. Unfortunately it doesn't work for the addAttributess() method. I've tried supplying a string as well, trying to cover all posibilities.

     

    addAttributes(":all","style")

    addAttributes('":all","style"')

    addAttributes([":all"],["style"])

    addAttributes([":all","style"])

     
    |
    Mark as:
  • Gary__F
    Currently Being Moderated
    3. Gary__F,
    Mar 29, 2013 11:18 AM   in reply to Gary__F
    Report

    <bump>

    Anyone use jsoup or know about sending an array to a Java object? Thanks.

     
    |
    Mark as:
  • Nathan Mische
    Currently Being Moderated
    4. Nathan Mische,
    Mar 29, 2013 1:06 PM   in reply to Gary__F
    Report

    You can see the setAttributes() method signature like so:

    <cfset whitelist = CreateObject("java", "org.jsoup.safety.Whitelist")>
    <cfdump var="#Whitelist.relaxed()#" />

     

    If you run that you will see setAttributes() expects a string and a string array.

    addAttributes(java.lang.String, java.lang.String[])

     

    Given that, you need to do something like:

     

    <cfscript>
     jsoup = CreateObject("java","org.jsoup.Jsoup");
     whitelist = CreateObject("java", "org.jsoup.safety.Whitelist");
     html="<div style='font-size:24pt;'>This is BIG text</div>. This is an unwanted script: <script>alert('Boo!')</script>.<br>";
     myKeys=["style"];
     sanitized = jsoup.clean(html, Whitelist.relaxed().addAttributes(":all" , JavaCast("string[]", myKeys)));
     WriteOutput("<textarea>#sanitized#</textarea>");
    </cfscript>
     
    |
    Mark as:
  • Gary__F
    Currently Being Moderated
    5. Gary__F,
    Mar 29, 2013 1:51 PM   in reply to Nathan Mische
    Report

    Nathan, thank you so much for your reply. That was a perfect answer and my code is working now.

     

    I didn't realise the method needed a string and an array, I was shoving both into a single array. Doh to me and yay to you! I wish there was a "jump for joy" emoticon in the forum.

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points