Introduction #

The Sanitizers functionality is new in Liferay v6.0. Sanitizers are a filtering element that "sanitize" web content (usually HTML or Javascript code) so that it doesn't contain inappropriate content like malicious Javascript code or swearwords.

Using Sanitizers #

The file has been updated with the following entry, allowing the use of a custom sanitizer.


At the moment sanitizers are being used out of the box in the Blogs portlet just before entering the contents in the database, but this can be applied to whatever entity we need using plugins. For example, you can use it in a Model Wrapper Hook for Wiki pages or a Model Wrapper Hook for web content.

There's already an antisamy hook in plugins repository that is ready to be used and it can be used as an starting point for you developers that are interested in implementing your custom sanitizers.

To use this in core entities the best way is to use model wrapper hooks, so that you include this filtering before creating the entity and its related objects (like tags, categories and so on)

To create this hook, the fastest way is using Liferay IDE

Create a hook plugin project ("Liferay hook plug-in project") and create a new hook portlet ("new hook plugin") that overrides Services (mark "Services" checkbox) and then select the class you want to extend.

In this blog entry, I'll extend WikiPage creation, so my class is like this:

package com.test.hooks;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.sanitizer.SanitizerUtil;
import com.liferay.portal.kernel.util.ContentTypes;
import com.liferay.portal.service.ServiceContext;

public class ExtWikiPageLocalService extends WikiPageLocalServiceWrapper {

 public ExtWikiPageLocalService(WikiPageLocalService wikiPageLocalService) {
 public WikiPage addPage(
         long userId, long nodeId, String title, double version,
         String content, String summary, boolean minorEdit, String format,
         boolean head, String parentTitle, String redirectTitle,
         ServiceContext serviceContext)
      throws PortalException, SystemException {

         // My Custom Code: sanitize the content

         String sanitizedContent = SanitizerUtil.sanitize(
                 userId, WikiPage.class.getName(), 0, ContentTypes.TEXT_HTML, 

 // Then launch Liferay method code

         return super.addPage(userId, nodeId, title, version,
                 sanitizedContent, summary, minorEdit, format,
                 head, parentTitle, redirectTitle,

And the liferay-hook.xml looks like this:

<?xml version="1.0"?>
<!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.0.0//EN" "">


After deploying antisamy hook, when you deploy your custom wrapper, the wiki content is verified in creation time so that it filters wiki page's content the way the antisamy does.

Note: update with info about how it is built in the Liferay Core

0 Attachments
Average (0 Votes)
The average rating is 0.0 stars out of 5.