17.5. Using the SeamTextParser
The <s:formattedText/> JSF component uses the org.jboss.seam.text.SeamTextParser internally. You can use this class directly to implement your own text parsing, rendering, and HTML sanitization procedures. If you have a custom front-end interface for entering rich text, such as a JavaScript-based HTML editor, this can be useful for validating user input in order to defend against Cross-Site Scripting (XSS) attacks. You could also use it as a custom Wiki text-parsing and rendering engine.
The following example defines a custom text parser, which overrides the default HTML sanitizer:
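import java.io.StringReader;

import antlr.ANTLRException;
import antlr.SemanticException;
import antlr.Token;
import org.jboss.seam.text.SeamTextLexer;
import org.jboss.seam.text.SeamTextParser;

public class MyTextParser extends SeamTextParser {

    public MyTextParser(String myText) {
        super(new SeamTextLexer(new StringReader(myText)));

        setSanitizer(
            new DefaultSanitizer() {
                @Override
                public void validateHtmlElement(Token element) throws SemanticException {
                    // TODO: I want to validate HTML elements myself!
                    // While this body is empty, the default element check is
                    // replaced by nothing: throw SemanticException here to
                    // reject an element.
                }
            }
        );
    }

    // Customizes rendering of Seam text links such as [Some Text=>http://example.com]
    @Override
    protected String linkTag(String descriptionText, String linkText) {
        return "<a href=\"" + linkText + "\">My Custom Link: " + descriptionText + "</a>";
    }

    // Renders a <p> or equivalent tag
    @Override
    protected String paragraphOpenTag() {
        return "<p class=\"myCustomStyle\">";
    }

    // Runs the parser over the text passed to the constructor
    public void parse() throws ANTLRException {
        startRule();
    }
}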
The linkTag() and paragraphOpenTag() methods are two of the methods you can override in order to customize rendered output. These methods usually return String output. For further details, refer to the Java Documentation. The org.jboss.seam.text.SeamTextParser.DefaultSanitizer Java Documentation also contains more information about the HTML elements, attributes, and attribute values that are filtered by default.