Using Anti Sammy plugin

Fórum

David Weitzel, modificado 7 Anos atrás.

Using Anti Sammy plugin

Junior Member Postagens: 65 Data de Entrada: 07/10/15 Postagens Recentes

Not sure this is the right forum but seems it should get visibility.
If I install the Anisammy plugin (for 6.2 EE) will all POST requests with HTML or text fields be scanned independent of the source portlet?
In other words do I have to add this explicitly to my portlet or once installed does it get done site wide?
I cannot see where the scanning is done within the core code for say Journal Content.addArticle() for example so am thinking it is done during request handling?

David H Nebinger, modificado 7 Anos atrás.

RE: Using Anti Sammy plugin

Liferay Legend Postagens: 14916 Data de Entrada: 02/09/06 Postagens Recentes

If you check the code for updateArticle() in JournalArticleLocalServiceImpl, you'll see it calls out to format() which is a protected method and, in that method, the SanitizerUtil.sanitize() method is called to sanitize incoming content.

So it is a manual effort, you would need to invoke the same SanitizerUtil.sanitize() methods in the similar way. Note that you can invoke the util method whether Antisamy is installed or not.

Come meet me at the LSNA!