How do I filter my Web Content Portlet?
How do I filter my Web Content Portlet?
The filter configuration is key to making the portlet behave how you would like it. You can strip tags and attributes at will to confine content authors (your own or external sources) from changing elements within the portal. There will be a properties file that you can either setup once and use for each web content portlet or you can lock down each portlet individually.
The properties file contains three entries.
• tags.allow - Keep in mind that this filter is designed to let you pick the tags you want it to use and will block all others. You can use a comma separated list of values to specify what tags you would like the filter to leave in.
• attributes.ignore - Unlike tags, the filter will allow all attributes and you will have to specific which ones you don't want. You can use a comma separated list of values to specify which attributes you would like to remove.
• attributes.valueFilters - The value filters are designed to let you filter the contents of an attribute’s value. You can use a comma separated list of regular expressions to filter out contents of attributes.
Example:
Consider the following html.
<html>
<head>
</head>
<body>
<p>Lorem ipsum dolor sit amet.</p>
<ul>
<li class="item">Item 1<li>
<li id="item">Item 2<li>
</ul>
<br>
<a href="#" onmouseover="javascript:nav.src='images/nav_on.gif';" onmouseout="javascript:nav.src='images/nav_off.gif';">
<img name="nav" src="images/nav_off.gif" border="0">
</a>
</body>
</html>
With the following .properties filter configuration.
tags.allow=ul, li, a, img, br, body, html
Lorem ipsum dolor sit amet.#note: no p so it will filter
attributes.ignore=class
#note: class="item" will be filtered
attributes.valueFilters=^javascript:.*$
#onmouseover="javascript:nav.src='images/nav_on.gif';"
#onmouseout="javascript:nav.src='images/nav_off.gif';"
#will be filtered.
After filtering we will be left with the following XHTML:
<html>
<body>
<ul>
<li>Item 1</li>
<li id="item">Item 2</li>
</ul>
<br />
<a href="#">
<img name="nav" src="images/nav_off.gif" border="0" />
</a>
</body>
</html>
