Platform Explorer / Nuxeo Platform 2021.25

Extension point sanitizer

Documentation

Specify the types of documents and fields to sanitize.

The following example configures just based on field names:

    <sanitizer name="foo">
        <field>note</field>
        <field>comment:text</field>
    </sanitizer>

The following specifies that only the note field of the Note type will be sanitized:

    <sanitizer name="foo">
        <type>Note</type>
        <field>note</field>
    </sanitizer>

The following example disables a sanitizer:

    <sanitizer enabled="false" name="default"/>

Sanitizing can also be enabled on a field only if a field has a given value. This is useful when the same document field can contain text, html or wiki markup. For a webpage, you may want to only sanitize the webpages that are using HTML. Here is an example configuration.

    <sanitizer name="foo">
        <field filter="webp:isRichtext" filterValue="true">webp:content</field>
    </sanitizer>

In this example the field webp:content will be sanitized only when the String representation of the webp:isRichtext is "true".

If you want to not sanitize when a given value is present, use:

    <sanitizer name="foo">
        <field filter="mime_type" filterValue="text/plain" sanitize="false">note</field>
    </sanitizer>

Contribution Descriptors

  • Class: org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerDescriptor

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-easyshare-core-2021.25.8.jar /OSGI-INF/easyshare-contrib.xml
    <extension point="sanitizer" target="org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerService">
        <sanitizer name="easyshare">
          <field>easysharefolder:shareComment</field>
        </sanitizer>
      </extension>
  • nuxeo-platform-htmlsanitizer-2021.25.8.jar /OSGI-INF/htmlsanitizer-contrib.xml
    <extension point="sanitizer" target="org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerService">
        <sanitizer name="default">
          <!-- <field>dc:description</field> -->
          <field filter="mime_type" filterValue="text/plain,text/x-web-markdown,text/xml" sanitize="false">note</field>
          <field>webc:welcomeText</field>
          <field filter="webp:isRichtext" filterValue="true">webp:content</field>
          <field>comment:text</field>
          <!-- <field>post:text</field> -->
        </sanitizer>
      </extension>