留言板
Using Anti Sammy plugin
Not sure this is the right forum but seems it should get visibility.
If I install the Anisammy plugin (for 6.2 EE) will all POST requests with HTML or text fields be scanned independent of the source portlet?
In other words do I have to add this explicitly to my portlet or once installed does it get done site wide?
I cannot see where the scanning is done within the core code for say Journal Content.addArticle() for example so am thinking it is done during request handling?
If I install the Anisammy plugin (for 6.2 EE) will all POST requests with HTML or text fields be scanned independent of the source portlet?
In other words do I have to add this explicitly to my portlet or once installed does it get done site wide?
I cannot see where the scanning is done within the core code for say Journal Content.addArticle() for example so am thinking it is done during request handling?
If you check the code for updateArticle() in JournalArticleLocalServiceImpl, you'll see it calls out to format() which is a protected method and, in that method, the SanitizerUtil.sanitize() method is called to sanitize incoming content.
So it is a manual effort, you would need to invoke the same SanitizerUtil.sanitize() methods in the similar way. Note that you can invoke the util method whether Antisamy is installed or not.
Come meet me at the LSNA!
So it is a manual effort, you would need to invoke the same SanitizerUtil.sanitize() methods in the similar way. Note that you can invoke the util method whether Antisamy is installed or not.
Come meet me at the LSNA!