
OutSystems

Sanitization API

API that provides methods to avoid code injection in HTML, JavaScript and SQL snippets that need to include untrusted content, such as content gathered from end users.

Summary

Actions
SanitizeHtml Sanitizes the provided HTML using the OWASP Java HTML Sanitizer Project. The implemented policy follows the example in https://github.com/OWASP/java-html-s...cyExample.java.
VerifyJavascriptLiteral Ensures that the provided JavaScript contains only literals. If it contains anything else, an INVALID JAVASCRIPT LITERAL exception is thrown.
VerifySqlLiteral Ensures that the provided SQL contains only literals. If it contains anything else, an INVALID SQL LITERAL exception is thrown.

 

Actions

 

SanitizeHtml

Sanitizes the provided HTML using the OWASP Java HTML Sanitizer Project. The implemented policy follows the example in https://github.com/OWASP/java-html-s...cyExample.java.

Inputs

Html
Type: Text. Mandatory.
The HTML to sanitize.

Outputs

SanitizedHtml
Type: Text.
The sanitized HTML.
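SanitizeHtml applies an allowlist policy: tags and attributes the policy does not know are removed rather than escaped, and link targets are restricted to safe URL schemes. The Python below is an added example, not OutSystems code and not the OWASP Java HTML Sanitizer, that implements the same shape of policy on top of the standard library so the behaviour can be seen on concrete input. The allowlist (a, p, br, b, i, em, strong, ul, ol, li, blockquote; href and title only on links; absolute http, https and mailto links only) is an assumption for the example, not the platform's actual policy, whose exact tag set is not reproduced on this page.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for this example (not the platform's real policy).
# Everything not listed here is removed from the output.
ALLOWED = {
    "a": {"href", "title"}, "p": set(), "br": set(), "b": set(), "i": set(),
    "em": set(), "strong": set(), "ul": set(), "ol": set(), "li": set(),
    "blockquote": set(),
}
VOID = {"br"}                                                  # never get a closing tag
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}  # tag and body vanish
SAFE_SCHEMES = {"http", "https", "mailto"}


def safe_href(value):
    """Accept only absolute http/https/mailto links. javascript:, data:,
    relative paths and values with control characters are all rejected."""
    if any(ord(c) < 0x20 for c in value):
        return False
    return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # sanitized output fragments
        self.open = []      # allowed tags currently open, so output stays balanced
        self.dropping = 0   # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if self.dropping:
            if tag in DROP_WITH_CONTENT:
                self.dropping += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.dropping = 1
            return
        allowed_attrs = ALLOWED.get(tag)
        if allowed_attrs is None:
            return  # unknown tag (img, form, ...): strip the tag, keep its text
        kept = []
        for name, value in attrs:
            if name not in allowed_attrs or value is None:
                continue  # event handlers, style, unknown attributes are dropped
            if name == "href" and not safe_href(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if self.dropping:
            if tag in DROP_WITH_CONTENT:
                self.dropping -= 1
            return
        if tag in self.open:
            while True:  # also close anything nested inside it
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))  # text is always re-escaped


def sanitize_html(html):
    """Return html reduced to the allowlist above, with every tag balanced."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    for t in reversed(parser.open):  # close tags the input left open
        parser.out.append(f"</{t}>")
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample input, the kind of thing an end user might submit.
    sample = '<p>Hi <b>there</b><script>alert(1)</script>' \
             '<a href="javascript:alert(1)" onclick="x()">link</a><img src=x onerror=alert(1)></p>'
    print(sanitize_html(sample))
```

The sanitized output is only safe in an HTML body context; inserting it into an attribute value, a `<script>` block or a URL needs the encoding for that context instead. Comments, processing instructions and `<!DOCTYPE>` are ignored by the parser and therefore never reach the output.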

VerifyJavascriptLiteral

Ensures that the provided JavaScript contains only literals. If it contains anything else, an INVALID JAVASCRIPT LITERAL exception is thrown.

Inputs

JavascriptLiteral
Type: Text. Mandatory.
The JavaScript literal to verify.

Outputs

SanitizedJavascriptLiteral
Type: Text.
The sanitized JavaScript literal.

VerifySqlLiteral

Ensures that the provided SQL contains only literals. If it contains anything else, an INVALID SQL LITERAL exception is thrown.

Inputs

SqlLiteral
Type: Text. Mandatory.
The SQL literal to verify.

Outputs

SanitizedSqlLiteral
Type: Text.
The sanitized SQL.
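VerifyJavascriptLiteral and VerifySqlLiteral are verifiers, not escapers: they do not transform the input, they reject anything that is not a single literal, so that an unescaped quote or an appended expression fails loudly instead of being concatenated into a snippet. The Python below is an added example, not OutSystems code, that implements the same check for both actions. It assumes "a literal" means one string, number, boolean or null literal (the platform's exact grammar is not documented on this page), uses standard SQL quote doubling rather than backslash escapes for SQL strings, and pairs each verifier with the escaping step that should run before it.

```python
import json
import re


class InvalidJavascriptLiteral(ValueError):
    """Raised where the platform would throw INVALID JAVASCRIPT LITERAL."""


class InvalidSqlLiteral(ValueError):
    """Raised where the platform would throw INVALID SQL LITERAL."""


_NUMBER = re.compile(r"^-?(?:0|[1-9][0-9]*)(?:\.[0-9]+)?(?:[eE][+-]?[0-9]+)?$")
_JS_KEYWORD_LITERALS = {"true", "false", "null", "undefined"}
_SQL_KEYWORD_LITERALS = {"null", "true", "false"}


def _is_single_quoted_literal(text, quote, backslash_escapes, doubled_quote):
    """True iff text is exactly one quoted literal whose closing quote is its last character."""
    if len(text) < 2 or text[0] != quote:
        return False
    i, n = 1, len(text)
    while i < n:
        c = text[i]
        if backslash_escapes and c == "\\":
            if i + 1 >= n:
                return False  # dangling backslash swallows the closing quote
            i += 2
            continue
        if c == quote:
            if doubled_quote and i + 1 < n and text[i + 1] == quote:
                i += 2  # '' inside a SQL string is an escaped quote, not the end
                continue
            return i == n - 1  # anything after the closing quote is not a literal
        if ord(c) < 0x20:
            return False  # raw control characters and newlines are not valid in either literal
        i += 1
    return False  # unterminated string


def verify_javascript_literal(literal):
    """Return the input if it is one JS literal (string, number, true/false/null/undefined)."""
    s = literal.strip()
    if s in _JS_KEYWORD_LITERALS or _NUMBER.match(s):
        return s
    if s[:1] in ("'", '"') and _is_single_quoted_literal(s, s[0], True, False):
        return s
    raise InvalidJavascriptLiteral(f"not a single JavaScript literal: {literal!r}")


def verify_sql_literal(literal):
    """Return the input if it is one SQL literal (single-quoted string, number, NULL/TRUE/FALSE)."""
    s = literal.strip()
    if s.lower() in _SQL_KEYWORD_LITERALS or _NUMBER.match(s):
        return s
    if s[:1] == "'" and _is_single_quoted_literal(s, "'", False, True):
        return s
    raise InvalidSqlLiteral(f"not a single SQL literal: {literal!r}")


def js_string_literal(value):
    """Build a JS string literal from untrusted text. json.dumps escapes quotes,
    backslashes and control characters; '</' is broken up so the literal cannot
    close an inline <script> element."""
    return json.dumps(value).replace("</", "<\\/")


def sql_string_literal(value):
    """Build a standard-SQL string literal by doubling single quotes (assumption:
    no backslash-escaping dialect such as MySQL's default mode)."""
    return "'" + value.replace("'", "''") + "'"


def classify(verify, candidates):
    """Map each candidate to True (accepted) or False (rejected) by the given verifier."""
    result = {}
    for c in candidates:
        try:
            verify(c)
            result[c] = True
        except ValueError:
            result[c] = False
    return result


if __name__ == "__main__":
    untrusted = "O'Brien\" </script><script>alert(1)</script>"  # constructed user input
    print(verify_sql_literal(sql_string_literal(untrusted)))
    print(verify_javascript_literal(js_string_literal(untrusted)))
    # Skipping the escaping step is caught rather than silently passed through.
    print(classify(verify_sql_literal, ["'" + untrusted + "'", "'x' OR 1=1 --", "42"]))
```

The order matters: escape first, then verify, then concatenate. Verifying raw user input would reject any value containing a quote, and concatenating without verifying is exactly the injection the API exists to prevent. For SQL, a parameterized query avoids the problem entirely and should be preferred where the query shape allows it; the verifier is for the cases where a literal must be spliced into query text.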