« Back

Sanitizers in Liferay 6

Company Blogs July 26, 2010 By Juan Fernández Staff

A new functionallity in Liferay 6 are the so called "Sanitizers". 

What are sanitizers? Sanitizers are a filtering element that "sanitize" web content (usually HTML or javascript code) so that it doesn't contain unappropiate content like javascript malicious code or swearwords, for example.
The portal.properties file has been updated with this entry:
so that we can use our custom sanitizer.
For the moment it's being used in Blogs portlet out-of-the-box, just before entering the contents in the database, but this can be applied to whatever entity we need using plugins. For example you can use it in a Model Wrapper Hook for Wiki pages or a Model Wrapper Hook for web content.
There's already an antisamy hook in plugins repository that is ready to be used and it can be used as an starting point for you developers that are interested in implementing your custom sanitizers. (Read more about the antisamy project here)
To use this in core entities the best way is to use model wrapper hooks (read more about this kind of plugins here), so that you include this filtering before creating the entity and its related objects (like tags, categories and so on)
To create this hook, the fastest way is using Liferay IDE 
Create a hook plugin project ("Liferay hook plug-in project") and create a new hook portlet ("new hook plugin") that overrides Services (mark "Services" checkbox) and then select the class you want to extend. 
In this blog entry, I'll extend WikiPage creation, so my class is like this:
package com.test.hooks;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.sanitizer.SanitizerUtil;
import com.liferay.portal.kernel.util.ContentTypes;
import com.liferay.portal.service.ServiceContext;
import com.liferay.portlet.wiki.model.WikiPage;
import com.liferay.portlet.wiki.service.WikiPageLocalService;
import com.liferay.portlet.wiki.service.WikiPageLocalServiceWrapper;

public class ExtWikiPageLocalService extends WikiPageLocalServiceWrapper {

public ExtWikiPageLocalService(WikiPageLocalService wikiPageLocalService) {
public WikiPage addPage(
long userId, long nodeId, String title, double version,
String content, String summary, boolean minorEdit, String format,
boolean head, String parentTitle, String redirectTitle,
ServiceContext serviceContext)
throws PortalException, SystemException {

// My Custom Code: sanitize the content

String sanitizedContent = SanitizerUtil.sanitize(
serviceContext.getCompanyId(), serviceContext.getScopeGroupId(),
userId, WikiPage.class.getName(), 0, ContentTypes.TEXT_HTML, content);

// Then launch Liferay method code

return super.addPage(userId, nodeId, title, version,
sanitizedContent, summary, minorEdit, format,
head, parentTitle, redirectTitle,
And my liferay-hook.xml is like this:
<?xml version="1.0"?>
<!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.0.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_0_0.dtd">

After deploying antisamy hook, when you deploy your custom wrapper, the wiki content is verified in creation time so that it filters wiki page's content the way the antisamy does.
I hope it's been useful
Juan Fernández
thanks to Zsolt Balogh for his help & patience with sanitizers :D
 image from Flickr: http://www.flickr.com/photos/loush555/2322773699/ (by El Tekolote)
Threaded Replies Author Date
Nice post Juan. Great job Zsolt. Shagul Khajamohideen July 26, 2010 7:28 AM
Nice feature. Thank you, Juan! Jonas Yuan November 11, 2010 8:40 AM
It seems it is not working in Latest Enterprise... Liferay Question April 29, 2011 6:15 AM
Does anybody know why the antisamy-hook get... Balazs Szeti April 5, 2012 4:36 AM
[...] You can achieve the same using Sanitizers... Anonymous June 26, 2012 10:11 PM

Nice post Juan. Great job Zsolt.
Posted on 7/26/10 7:28 AM.
Nice feature. Thank you, Juan!
Posted on 11/11/10 8:40 AM.
Liferay Question
It seems it is not working in Latest Enterprise version of liferay. Always keeps giving me ClassNotFoundException.
Posted on 4/29/11 6:15 AM.
Does anybody know why the antisamy-hook get removed from SVN?
The source was removed on 2012.03.03.
We use this hook in our solution to sanitize blogs created by external users.
Posted on 4/5/12 4:36 AM.
[...] You can achieve the same using Sanitizers in Liferay Flag Please sign in to flag this as inappropriate. Mark as an Answer [...] Read More
Posted on 6/26/12 10:11 PM.