FacesOutputFiltering

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.xsp.component
Interface FacesOutputFiltering

All Known Subinterfaces:: FacesInputFiltering

All Known Implementing Classes:: UIInputCheckbox, UIInputEx, UIInputRadio, UIInputRichText, UIInputText, UIOutputEx, UIOutputLink, UIOutputText, UIPassThroughTag, UIPassThroughText, UITypeAhead, UIViewColumnText, UIViewTitle, XspInputCheckbox, XspInputHidden, XspInputRadio, XspInputRichText, XspInputText, XspInputTextarea, XspOutputLabel, XspOutputLink, XspOutputScript, XspOutputText, XspTypeAhead, XspViewTitle

public interface FacesOutputFiltering

Implemented by ValueHolder controls with an "htmlFilter" property, implementations usually delegate to the htmlFilter property or if it is not set, a default filter name may be used instead.

Each filter is a Content processor. Related to the properties "htmlFilter" and "htmlFilterIn" on the Edit Box and other controls. Those properties allow the application designer to choose between different types of HTML filterings that should be applied to the control output when the XPage is displayed and to the control input, when values from a submitted page are saved to the document or to the data binding. Each of the options in the "htmlFilter" property corresponds to a filtering engine that filters the input or output in a different manner. For example, the filter name "striptags" corresponds to a filtering engine that will remove all HTML tags from the output, so it just appears as plain text. The most useful filtering engine is the "acf" filter, meaning Active Content Filtering, which attempts to filter out dangerous HTML and JavaScript.

Controls that output values from bindings, or any user-originating values, should implement FacesOutputFiltering so that page designers can configure the control to prevent malicious site users attacking other users. Controls that input values from users or from web browsers should implement FacesInputFiltering so that the control may be configured to prevent malicious data being saved, to avoid redisplaying that input. The implementations of those interfaces may provide a default filter name, to be used if the page designer has not configured a filter on this specific control instance. Once the filter name is determined, the control can use FacesContextEx.filterHtml(String, String) to filter the value.

Method Summary
`java.lang.String`	`getHtmlFilterName()` Look for an html filtering engine associated to the control.

Method Detail

getHtmlFilterName

java.lang.String getHtmlFilterName()

Look for an html filtering engine associated to the control.

Returns: