Lucee object methods reference

Object Method String.sanitizeHTML

Sanitizes unsafe HTML input and removes elements and attributes like JavaScript, onclick, etc. See also https://github.com/OWASP/java-html-sanitizer
String.sanitizeHTML([any policy]):string

Category

ESAPI,HTML

Arguments

The arguments for this function are fixed; no arguments other than the following can be used.
Name    Type  Required  Description
policy  any   No        Either an org.owasp.html.PolicyFactory or a String naming a built-in
                        sanitizer. If omitted, all of the built-in policies are applied.
                        The built-in sanitizers are:
  • FORMATTING
  • BLOCKS
  • STYLES
  • LINKS
  • TABLES
  • IMAGES
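The three ways of calling the member function, as an added example that is not part of the Lucee reference page: the no-argument form, a built-in sanitizer selected by name, and a PolicyFactory composed from the OWASP library's own Sanitizers class. The input string is constructed for the example; the assumption that org.owasp.html.Sanitizers can be loaded with a plain createObject("java", ...) call (rather than needing the ESAPI extension's bundle name) is marked in the code.

```cfml
<cfscript>
// Constructed untrusted input of the kind a comment form might receive:
// an inline event handler, a script element and a javascript: URL.
untrusted = '<p onclick="alert(1)">Hello <b>world</b></p>'
          & '<script>alert(1)</script>'
          & '<a href="javascript:alert(1)">link</a>';

// 1. No policy argument: all built-in policies are applied. Harmless
//    formatting survives; the script element, the onclick attribute and
//    the javascript: URL do not.
cleaned = untrusted.sanitizeHTML();
writeOutput(encodeForHTML(cleaned) & "<br>");

// 2. A single built-in sanitizer selected by name. Only inline formatting
//    is allowed, so block and link markup is reduced to its text content.
formattingOnly = untrusted.sanitizeHTML("FORMATTING");
writeOutput(encodeForHTML(formattingOnly) & "<br>");

// 3. A org.owasp.html.PolicyFactory built with the library's own API.
//    Assumption: the class is reachable via createObject("java", ...) from
//    the ESAPI extension; adjust the lookup if your Lucee needs the bundle name.
sanitizers = createObject("java", "org.owasp.html.Sanitizers");
policy     = sanitizers.FORMATTING.and(sanitizers.LINKS);
custom     = untrusted.sanitizeHTML(policy);
writeOutput(encodeForHTML(custom));
</cfscript>
```

The sanitized strings are passed through encodeForHTML() above only so that the resulting markup is displayed literally; in a real page the sanitized value is what gets rendered. sanitizeHTML() is for the case where untrusted input must be rendered as HTML; where the value is only ever shown as text, encodeForHTML() alone is the simpler and safer choice.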