Class NarrativeUtil

java.lang.Object
ca.uhn.fhir.rest.server.util.NarrativeUtil

public class NarrativeUtil extends Object
  • Method Summary

    Modifier and Type
    Method
    Description
    static org.hl7.fhir.utilities.xhtml.XhtmlNode
    sanitize(org.hl7.fhir.utilities.xhtml.XhtmlNode theNode)
    This method accepts an Xhtml (generally a narrative) and sanitizes it, removing unsafe elements.
    static String
    sanitizeHtmlFragment(String theHtml)
    This method accepts an Xhtml (generally a narrative) and sanitizes it, removing unsafe elements.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • sanitizeHtmlFragment

      public static String sanitizeHtmlFragment(String theHtml)
      This method accepts an Xhtml (generally a narrative) and sanitizes it, removing unsafe elements. This method leverages the OWASP Java HTML Sanitizer to perform this task. The policy allows the following:
      • Block tags are allowed
      • Tables are allowed
      • Basic styles are allowed but any styles considered unsafe are removed from the document (e.g. any style declarations that could be used to load external content)
      • Attributes considered safe are allowed
      • Any links (<a href="....">) are removed although any text inside the link is retained
      • All other elements and attributes are removed
    • sanitize

      public static org.hl7.fhir.utilities.xhtml.XhtmlNode sanitize(org.hl7.fhir.utilities.xhtml.XhtmlNode theNode)
      This method accepts an Xhtml (generally a narrative) and sanitizes it, removing unsafe elements. This method leverages the OWASP Java HTML Sanitizer to perform this task. The policy allows the following:
      • Block tags are allowed
      • Tables are allowed
      • Basic styles are allowed but any styles considered unsafe are removed from the document (e.g. any style declarations that could be used to load external content)
      • Attributes considered safe are allowed
      • Any links (<a href="....">) are removed although any text inside the link is retained
      • All other elements and attributes are removed
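
An added example (not code from the HAPI FHIR project) that passes a constructed untrusted narrative through sanitizeHtmlFragment and checks the result against the policy listed above. The class name, the sample input and the list of forbidden markers are assumptions made for illustration; the HAPI FHIR server library must be on the classpath.

```java
import ca.uhn.fhir.rest.server.util.NarrativeUtil;
import java.util.ArrayList;
import java.util.List;

public class NarrativeSanitizeCheck {

    // Constructed sample input: a narrative fragment from an untrusted sender.
    static final String UNTRUSTED =
        "<div>"
        + "<p style=\"color: red; background: url(https://tracker.example/p.png)\">Allergy: penicillin</p>"
        + "<table><tr><td onclick=\"run()\">Severity</td><td>High</td></tr></table>"
        + "<a href=\"javascript:run()\">patient portal</a>"
        + "<script>run()</script>"
        + "</div>";

    // Substrings that the documented policy says must not survive sanitization
    // (hypothetical marker list chosen for this example).
    static final String[] FORBIDDEN = {
        "<script", "<a ", "href=", "javascript:", "onclick", "url("
    };

    /** Returns the forbidden markers still present in the sanitized output. */
    static List<String> survivors(String sanitized) {
        String lower = sanitized.toLowerCase();
        List<String> found = new ArrayList<>();
        for (String marker : FORBIDDEN) {
            if (lower.contains(marker)) {
                found.add(marker);
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Sanitize before the narrative is stored or rendered in a browser.
        String clean = NarrativeUtil.sanitizeHtmlFragment(UNTRUSTED);
        System.out.println(clean);

        List<String> found = survivors(clean);
        // The page states that link text is retained once the <a> element is removed.
        boolean linkTextKept = clean.contains("patient portal");
        if (!found.isEmpty() || !linkTextKept) {
            System.err.println("policy check failed: survivors=" + found
                + ", linkTextKept=" + linkTextKept);
            System.exit(1);
        }
    }
}
```

The same checks fit a unit test, so that a dependency upgrade that changes the sanitizer policy is caught before deployment.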