Skip to content

danieldbower/grails-sanitizer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
.settings
.settings
 
 
grails-app
grails-app
 
 
scripts
scripts
 
 
src/groovy
src/groovy
 
 
test
test
 
 
web-app/WEB-INF/tld
web-app/WEB-INF/tld
 
 
.bzrignore
.bzrignore
 
 
.classpath
.classpath
 
 
.gitignore
.gitignore
 
 
.project
.project
 
 
LICENSE.txt
LICENSE.txt
 
 
README
README
 
 
SanitizerGrailsPlugin.groovy
SanitizerGrailsPlugin.groovy
 
 
application.properties
application.properties
 
 

Repository files navigation

Grails Plugin for Sanitizing Markup using the Antisamy library.

Project HomePage:  http://www.grails.org/plugin/sanitizer

Description:
Plugin for Sanitizing Markup(HTML, XHTML, CSS) using OWASP AntiSamy. Filters malicious content from User generated content (such as that entered through Rich Text boxes).


Features
    1. Configurable Rulesets in src/groovy/antisamyconfigs/antisamy-policy.xml

    2. Constraint "markup"
        can be added to domain/command classes to validate that a string is valid and safe markup
        important note: The constraint is for validation only, it does not sanitize the string

    3. Encoding-only Codec "myText.encodeAsSanitizedMarkup()"
        use the codec or the service to sanitize the string
       (the codec uses the service, too)

    4. MarkupSanitizerService
        use the codec or the service to sanitize the string
        access in your controllers/services via

        def markupSanitizerService

        method MarkupSanitizerResult sanitize(String dirtyString)
            effectively a singleton, which means the ruleset only needs to be read once on startup


Installation
    1.  Add to your BuildConfig.groovy:
        (For Grails 2.2.x)
        build ":sanitizer:0.10.0"

        (For Grails 2.3.x)
        build ":sanitizer:0.11.0"

        (For Grails 2.4.x)
        build ":sanitizer:0.12.0"

    2.  "grails compile" to download/install/compile the plugin
    3.  From there, you can use antisamy from the MarkupSanitizerServce, the SanitzedMarkupCodec, or the Domain Constraint.

Select a Policy (Optional)
The default policy is quite strict, however, you can modify it in several ways:
1.  Run "grails antisamy" to get a list of policies to choose from.
    Run "grails antisamy 1" to select the first policy, or the one you want.
2.  Do the above and customize the contents of the file at:  src/groovy/antisamyconfigs/antisamy-policy.xml
3.  Provide your own policy file and add a config item such as:
    sanitizer.config = 'antisamyconfigs/antisamy-myspace-1.4.4.xml'

You can add this config value to Config.groovy
sanitizer.trustSanitizer=true
By default, if there is a message given by the sanitizer during cleaning, the sanitizer codec will return an empty string.  
Setting trustSanitizer to true will allow you to ignore the messages issued by the sanitizer and just use the output.


Constraint example:
In your domain/command object add a constraint to inform the user if they've submitted invalid markup:

static constraints = {
  myTextProperty(maxSize: 65000, markup:true)
}


Codec example:
On strings, you can use the codec to clean a value:
newsItemInstance.text = newsItemInstance.text.encodeAsSanitizedMarkup()


Service Example:
Use the sanitizer as follows in controllers or other services:

import org.grails.plugins.sanitizer.MarkupSanitizerResult
...
// inject service def markupSanitizerService
...
// implement the sanitizer in a method of your choice 
MarkupSanitizerResult result = markupSanitizerService.sanitize(input) 
if(!result.isInvalidMarkup()) { 
    //return result.cleanString 
} else { 
    //return result.errorMessages 
    //return result.cleanString 
}

About

Grails Markup Sanitizer Plugin

www.grails.org/plugin/sanitizer

Resources

Readme

License

View license
Activity

Stars

9 stars

Watchers

5 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages