Skip navigation
Currently Being Moderated

How to create a Java array for use with jsoup addAttributes() ?

Feb 2, 2013 4:56 PM

Tags: #java #coldfusion #jsoup

Hi. Has anyone used jsoup for cleaning up user-submitted HTML?

 

When I ask jsoup to add some extra attributes to its whitelist I get this error: "The addAttributes method was not found."

 

The addAttributes() method requires an array. I tried using a CF array, a Java array, and even a string, but nothing worked.

 

I'm using CF8. My test code is:

 

<cfset jsoup = createObject("java","org.jsoup.Jsoup")>
<cfset whitelist = CreateObject("java", "org.jsoup.safety.Whitelist")>
<cfset html="<div style='font-size:24pt;'>This is BIG text</div>. This is an unwanted script: <script>alert('Boo!')</script>.<br>">
<cfset myAttribsArray=[":all","style"]>
<cfset myAttribsArray=javacast("string[]", myAttribsArray)>
<cfset sanitized = jsoup.clean(html, Whitelist.relaxed().addAttributes(myAttribsArray))>
<cfoutput>
<textarea rows="10" cols="60"> #HtmlEditFormat(sanitized)#</textarea>
</cfoutput>

 

The code works if I don't bother with addAttributes(), but I need to add the style attribute to the whitelist. Can anyone help please? Thanks.

 

The API reference for addAttributes() is here:
http://jsoup.org/apidocs/org/jsoup/safety/Whitelist.html#addAttributes

 
Replies
  • Currently Being Moderated
    Feb 2, 2013 7:59 PM   in reply to Gary__F

    I looked at the reference you posted and did not see anything about the requirement for an array. 

     
    |
    Mark as:
  • Currently Being Moderated
    Mar 29, 2013 1:06 PM   in reply to Gary__F

    You can see the setAttributes() method signature like so:

    <cfset whitelist = CreateObject("java", "org.jsoup.safety.Whitelist")>
    <cfdump var="#Whitelist.relaxed()#" />

     

    If you run that you will see setAttributes() expects a string and a string array.

    addAttributes(java.lang.String, java.lang.String[])

     

    Given that, you need to do something like:

     

    <cfscript>

    jsoup = CreateObject("java","org.jsoup.Jsoup");

    whitelist = CreateObject("java", "org.jsoup.safety.Whitelist");

    html="<div style='font-size:24pt;'>This is BIG text</div>. This is an unwanted script: <script>alert('Boo!')</script>.<br>";

    myKeys=["style"];

    sanitized = jsoup.clean(html, Whitelist.relaxed().addAttributes(":all" , JavaCast("string[]", myKeys)));

    WriteOutput("<textarea>#sanitized#</textarea>");

    </cfscript>

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points