yes, I know I can added all the tags I need. But how about HTML tag attributes? css? I want to keep as many as HTML's capability, but also keep far away from HTML xss attacks. I am realy a newbie, not only web but also java. I realy don't know how many things shold be considered.
Also, if it works with RichTextArea, it becomes more complex. You don't know RichTextArea's target behavior. Can I trust RichTextArea.getHTML()? Can I use SafeHtmlUtils.fromTrustedString(RichTextArea.getHTML()) to avoid HTML xss attacks? RichTextArea seems will escape the content what you key in, but you can copy from other HTML page and Ms word, openoffice and paste them in. Is it safe for xss attack? Someone also metioned HTML optimization for paste from word and openoffice, because there are too many useless HTML Tags, and it realy suck database space. This is the reason I hope there is an official sanitizer or devGuide for RichTextArea. 2012/9/19 Brandon Donnelson <[email protected]> > I copied it and added all the tags I need. :) > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/google-web-toolkit/-/IyR9vXDFWCkJ. > > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > -- Gong Min [email protected] -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
