io.goobi.viewer.faces.converters.HtmlSanitizerConverter

All Implemented Interfaces:: Converter<String>

public class HtmlSanitizerConverter extends Object implements Converter<String>

JSF converter that runs HtmlSanitizer.cleanRichText(String) on a submitted input value before it reaches the model. Intended for <h:inputTextarea> elements bound to TinyMCE-style rich-text editors, so persisted CMS content cannot carry stored XSS payloads.

getAsString(FacesContext, UIComponent, String) returns the value unchanged because the editor's display value should not be re-sanitized on every render — that is the render-side HtmlSanitizerBean's job, applied at the read sink.

Field Summary

Fields inherited from interface jakarta.faces.convert.Converter
DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE_PARAM_NAME
Constructor Summary

Constructors

Constructor

Description

HtmlSanitizerConverter()
Method Summary

Modifier and Type

Method

Description

String

getAsObject(FacesContext context, UIComponent component, String value)

String

getAsString(FacesContext context, UIComponent component, String value)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- HtmlSanitizerConverter
  
  public HtmlSanitizerConverter()
Method Details
- getAsObject
  
  public String getAsObject(FacesContext context, UIComponent component, String value)
  
  Specified by:
  
  getAsObject in interface Converter<String>
- getAsString
  
  public String getAsString(FacesContext context, UIComponent component, String value)
  
  Specified by:
  
  getAsString in interface Converter<String>

Class HtmlSanitizerConverter

Field Summary

Fields inherited from interface jakarta.faces.convert.Converter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

HtmlSanitizerConverter

Method Details

getAsObject

getAsString