forked from danieldbower/grails-sanitizer
plugin.xml
<plugin name='sanitizer' version='0.7.2' grailsVersion='1.3.1 > *'>
<author>Daniel Bower</author>
<authorEmail>daniel@bowerstudios.com</authorEmail>
<title>Grails Markup Sanitizer Plugin</title>
<description>\
Plugin for sanitizing markup (HTML, XHTML, CSS) using OWASP AntiSamy.
Filters malicious content from user-generated content (such as that entered through rich text boxes).
Features -
* Ruleset in web-app/WEB-INF/antisamy-policy.xml
* Constraint "markup"
- can be added to domain/command classes to validate that a string is valid and safe markup
- important note: The constraint is for validation only, it does not sanitize the string
* Encoding-only Codec "myText.encodeAsSanitizedMarkup()"
- use the codec or the service to sanitize the string
- (the codec uses the service, too)
* MarkupSanitizerService
- use the codec or the service to sanitize the string
- access in your controllers/services via
def markupSanitizerService
- method MarkupSanitizerResult sanitize(String dirtyString)
- method MarkupValidatorResult validateMarkup(String htmlString)
- effectively a singleton, which means the ruleset only needs to be read once on startup
Please note the beta nature of the version number. This plugin has not been extensively tested. Please feel
free to send me any results of any testing you may do.
This module does not sanitize a string that does not contain valid markup. If it does not contain
valid markup, it will simply return an empty string.
</description>
<documentation>http://grails.org/plugin/sanitizer</documentation>
<resources>
<resource>BuildConfig</resource>
<resource>Config</resource>
<resource>DataSource</resource>
<resource>UrlMappings</resource>
<resource>org.grails.plugins.sanitizer.MarkupSanitizerService</resource>
<resource>org.grails.plugins.sanitizer.SanitizedMarkupCodec</resource>
</resources>
<dependencies />
<behavior />
</plugin>
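The description above lists the three ways into the plugin (the `markup` constraint, the `MarkupSanitizerService`, and the `encodeAsSanitizedMarkup()` codec) and warns that the constraint validates without cleaning and that non-markup input comes back as an empty string. The following Grails controller, added here as an example and not taken from the plugin's own sources, wires those pieces together; it assumes the constraint is enabled with `markup: true`, that `MarkupSanitizerResult` exposes a `cleanString` property and an `isInvalidMarkup()` method, and that a `Comment` domain class exists.

```groovy
// Added example, not part of the grails-sanitizer plugin itself.
// Assumed (not stated in plugin.xml): `markup: true` enables the constraint,
// MarkupSanitizerResult has `cleanString` and `isInvalidMarkup()`, and a
// `Comment` domain class with a `body` property exists in the application.
import org.grails.plugins.sanitizer.MarkupSanitizerResult

// Declared in the controller's file so Grails treats it as a command object.
class CommentCommand {
    String body
    static constraints = {
        // Validation only: rejects invalid or unsafe markup, never cleans it.
        body blank: false, markup: true
    }
}

class CommentController {
    // Injected by Grails; effectively a singleton, so the AntiSamy policy
    // in WEB-INF/antisamy-policy.xml is parsed once at startup.
    def markupSanitizerService

    def save(CommentCommand cmd) {
        if (cmd.hasErrors()) {
            // The body failed the "markup" constraint; nothing has been sanitized.
            render(view: 'create', model: [cmd: cmd])
            return
        }
        // Sanitize before persisting; the constraint alone does not do this.
        MarkupSanitizerResult result = markupSanitizerService.sanitize(cmd.body)
        String clean = result.cleanString
        // Input that is not valid markup yields an empty string rather than an
        // error, so non-empty input that became empty is treated as rejected.
        if (result.isInvalidMarkup() || (cmd.body?.trim() && !clean)) {
            flash.message = 'Comment contained markup that could not be sanitized'
            render(view: 'create', model: [cmd: cmd])
            return
        }
        new Comment(body: clean).save(flush: true)
        redirect(action: 'list')
    }

    def preview() {
        // Codec route: the same service underneath, convenient in GSPs.
        String clean = params.body?.encodeAsSanitizedMarkup() ?: ''
        render(text: clean, contentType: 'text/html')
    }
}
```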