ATG(9.3) ERROR : java.lang.NoClassDefFoundError : org/owasp/html/HtmlPolicyBuilder

I am trying to add the OWASP HTMLSanitizer API to my ATG (9.3) application, but I am getting the exception below:

**** Error  Wed Jan 16 01:35:45 IST 2019    1547582745139   
/   Unable to resolve component /test/util/TestingUtil
java.lang.NoClassDefFoundError: org/owasp/html/HtmlPolicyBuilder

Implementation Changes done so far:

1) Added owasp-java-html-sanitizer.jar and guava-20.0.jar to my commerce/lib folder (the place where all the JARs are present)

2) Created the CustomSanitizer component, i.e. a CustomSanitizer.properties file with this content:

$class=org.owasp.html.HtmlPolicyBuilder
$scope=global

3) Added the component created above to the existing component where we need to sanitize the URL. Existing component properties file (TestingUtil.properties):

$class=com.util.TestingUtil
htmlPolicyBuilder=/test/util/HTMLPolicyBuilder

4) TestingUtil.java :

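import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Injected by Nucleus from TestingUtil.properties (setters and getters omitted)
private HtmlPolicyBuilder htmlPolicyBuilder;

public String filterUrl(String url) {
    String filteredURL = url;
    // Allow only <a href="https://..."> links and force rel="nofollow" on them
    PolicyFactory policy = htmlPolicyBuilder
            .allowElements("a")
            .allowUrlProtocols("https")
            .allowAttributes("href").onElements("a")
            .requireRelNofollowOnLinks()
            .toFactory();
    filteredURL = policy.sanitize(url);
    return filteredURL;
}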

Please suggest.

There are 1 best solutions below

Firstly, just checking, because it's not obvious from your Implementation Changes listed above: have you included the new JARs in your module manifest, between step 1 and step 2? (Looking at your error, I suspect this is the case.)

Then, the Nucleus component you have defined (CustomSanitizer.properties): are you able to instantiate it alone? E.g. what do you get if you navigate to the component through the Component Browser in dyn/admin? (It's global, so it should be able to instantiate it at first access.)

Then, if the component can be instantiated, figure out why your TestingUtil component cannot access it. Is the path to the component correct?
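
One way to check the first point in the answer, as an added example that is not part of the original question or answer: a small Java probe that reports whether the sanitizer and Guava classes are visible to a given class loader and which JAR each one was loaded from. The class name `ClasspathProbe` and the list of probed classes are assumptions made for illustration.

```java
import java.security.CodeSource;

/** Added diagnostic (hypothetical class name): reports whether and from where classes load. */
public class ClasspathProbe {

    /** Returns a one-line report for className as seen by the given class loader. */
    public static String probe(String className, ClassLoader loader) {
        try {
            // initialize=true runs static initializers, so a missing transitive
            // dependency (e.g. Guava) surfaces here as a LinkageError.
            Class<?> c = Class.forName(className, true, loader);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            String where = (src == null || src.getLocation() == null)
                    ? "bootstrap/unknown location" : src.getLocation().toString();
            return "OK       " + className + " <- " + where;
        } catch (ClassNotFoundException e) {
            // The class itself is not on this loader's classpath.
            return "MISSING  " + className + " (not visible to " + loader + ")";
        } catch (LinkageError e) {
            // NoClassDefFoundError is a LinkageError: typically the class was
            // located but something it depends on could not be loaded.
            return "BROKEN   " + className + " (" + e + ")";
        }
    }

    public static void main(String[] args) {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        String[] names = {
            "org.owasp.html.HtmlPolicyBuilder",     // from the sanitizer JAR
            "org.owasp.html.PolicyFactory",         // from the sanitizer JAR
            "com.google.common.base.Preconditions", // from guava-20.0.jar
            "java.lang.String"                      // control: always loadable
        };
        for (String n : names) {
            System.out.println(probe(n, loader));
        }
    }
}
```

Running `main` stand-alone only tests the JVM's own classpath; to see what the ATG instance sees, call `probe` from code running inside the server (for example from TestingUtil) and log the returned lines.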