This wiki does not contain official documentation and is currently deprecated and read only. Please try reading the documentation on the Liferay Developer Network, the new site dedicated to Liferay documentation. DISCOVER Build your web site, collaborate with your colleagues, manage your content, and more. DEVELOP Build applications that run inside Liferay, extend the features provided out of the box with Liferay's APIs. DISTRIBUTE Let the world know about your app by publishing it in Liferay's marketplace. PARTICIPATE Become a part of Liferay's community, meet other Liferay users, and get involved in the open source project. Sanitizers
Table of Contents [-]
Introduction #
The Sanitizers functionality is new in Liferay v6.0. Sanitizers are a filtering element that "sanitize" web content (usually HTML or Javascript code) so that it doesn't contain inappropriate content like malicious Javascript code or swearwords.
Using Sanitizers #
The portal.properties file has been updated with the following entry, allowing the use of a custom sanitizer.
sanitizer.impl=com.liferay.portal.sanitizer.DummySanitizerImpl
At the moment sanitizers are being used out of the box in the Blogs portlet just before entering the contents in the database, but this can be applied to whatever entity we need using plugins. For example, you can use it in a Model Wrapper Hook for Wiki pages or a Model Wrapper Hook for web content.
There's already an antisamy hook in plugins repository that is ready to be used and it can be used as an starting point for you developers that are interested in implementing your custom sanitizers.
To use this in core entities the best way is to use model wrapper hooks, so that you include this filtering before creating the entity and its related objects (like tags, categories and so on)
To create this hook, the fastest way is using Liferay IDE
Create a hook plugin project ("Liferay hook plug-in project") and create a new hook portlet ("new hook plugin") that overrides Services (mark "Services" checkbox) and then select the class you want to extend.
In this blog entry, I'll extend WikiPage creation, so my class is like this:
package com.test.hooks;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.sanitizer.SanitizerUtil;
import com.liferay.portal.kernel.util.ContentTypes;
import com.liferay.portal.service.ServiceContext;
import com.liferay.portlet.wiki.model.WikiPage;
import com.liferay.portlet.wiki.service.WikiPageLocalService;
import com.liferay.portlet.wiki.service.WikiPageLocalServiceWrapper;
public class ExtWikiPageLocalService extends WikiPageLocalServiceWrapper {
public ExtWikiPageLocalService(WikiPageLocalService wikiPageLocalService) {
super(wikiPageLocalService);
}
public WikiPage addPage(
long userId, long nodeId, String title, double version,
String content, String summary, boolean minorEdit, String format,
boolean head, String parentTitle, String redirectTitle,
ServiceContext serviceContext)
throws PortalException, SystemException {
// My Custom Code: sanitize the content
String sanitizedContent = SanitizerUtil.sanitize(
serviceContext.getCompanyId(),
serviceContext.getScopeGroupId(),
userId, WikiPage.class.getName(), 0, ContentTypes.TEXT_HTML,
content);
// Then launch Liferay method code
return super.addPage(userId, nodeId, title, version,
sanitizedContent, summary, minorEdit, format,
head, parentTitle, redirectTitle,
serviceContext);
}
}And the liferay-hook.xml looks like this:
<?xml version="1.0"?> <!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.0.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_0_0.dtd"> <hook> <service> <service-type>com.liferay.portlet.wiki.service.WikiPageLocalService</service-type> <service-impl>com.test.hooks.ExtWikiPageLocalService</service-impl> </service> </hook>
After deploying antisamy hook, when you deploy your custom wrapper, the wiki content is verified in creation time so that it filters wiki page's content the way the antisamy does.
Note: update with info about how it is built in the Liferay Core
