Class PBHtmlUtils
This class provides methods to:
- Convert plain text to HTML format with selective XSS protection
- Apply email templates by replacing content placeholders
- Sanitize content by removing dangerous script tags and event handlers
This class is designed to be used from Groovy scripts in Bonita processes, where the template and DAO operations are handled externally.
Security Note: This class implements selective XSS protection
that removes script tags and JavaScript event handlers while preserving
legitimate HTML tags like <a href="..."> links.
- Since: 1.0
- Author: Bonitasoft
Method Summary
Modifier and Type, Method, Description:
- static String applyEmailTemplate(String template, String content): Applies an email template by replacing the {{content}} placeholder with the provided content.
- static String convertTextToHtml(String text): Converts text content to HTML format with selective XSS protection.
- static String prepareEmailContent(String textContent, String emailTemplate): Prepares email content by converting text to HTML and applying the email template.
Method Details
convertTextToHtml
Converts text content to HTML format with selective XSS protection.
This method performs the following transformations:
- Removes script tags and their content (XSS protection)
- Removes JavaScript event handler attributes (onclick, onload, etc.)
- Removes javascript: protocol from href attributes
- Converts literal escape sequences from JSON (\\n, \\r, \\t) to HTML equivalents
- Converts real control characters (\n, \r, \t) to HTML equivalents
- Converts multiple consecutive spaces to non-breaking spaces
Security Note: This method uses selective XSS protection instead of full HTML escaping. This allows legitimate HTML tags like <a href="..."> to be preserved while removing dangerous content like script tags and event handlers.
Parameters:
- text: The text to convert to HTML format.
Returns:
- The HTML-formatted text with XSS protection, or null if input is null, or empty string if input is empty.
applyEmailTemplate
Applies an email template by replacing the {{content}} placeholder with the provided content.
The method expects the template to contain a {{content}} placeholder (with optional whitespace inside the braces). The content is inserted at this location.
Important: This method assumes the content has already been converted to HTML format using convertTextToHtml(String) if it was plain text.
Parameters:
- template: The HTML email template containing the {{content}} placeholder.
- content: The HTML content to insert into the template.
Returns:
- The complete email HTML with the content inserted, or:
  - The original content if template is null or empty
  - The template unchanged if content is null
  - The template with placeholder replaced by empty string if content is empty
prepareEmailContent
Prepares email content by converting text to HTML and applying the email template.
This is a convenience method that combines convertTextToHtml(String) and applyEmailTemplate(String, String) in a single call.
Important: If the email template is null, empty, or does not contain the {{content}} placeholder, this method returns the original text content without any HTML conversion or template application.
Usage from Bonita Groovy script:
    // In your Groovy script:
    String finalResult = PBStringUtils.resolveTemplateVariables(originalResult, dataResolver)

    // Get the email template from PBConfiguration
    PBConfiguration pbConfiguration = pBConfigurationDAO.findByFullNameAndRefEntityTypeName(
        SmtpType.EMAILTEMPLATE.name(),
        ConfigurationType.SMTP.name()
    )
    String emailTemplateString = pbConfiguration.getConfigValue()

    // Apply the template to the content
    String emailBody = PBHtmlUtils.prepareEmailContent(finalResult, emailTemplateString)
Parameters:
- textContent: The plain text content to be included in the email.
- emailTemplate: The HTML email template containing {{content}} placeholder.
Returns:
- The complete email HTML ready to be sent, or the original textContent if the template is invalid (null, empty, or missing placeholder).
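The fallback described for prepareEmailContent means that with an invalid template the text is returned as-is, so it has not been through convertTextToHtml. The Java sketch below is an added example, not Bonitasoft's code: it models the documented contract and adds a guard that rejects such a template. The class name, prepareOrFail, the single-placeholder replacement, the escape stand-in for convertTextToHtml and the sample strings are all assumptions made for illustration.

```java
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TemplateFallbackDemo {
    // {{content}} with optional whitespace inside the braces, as documented.
    static final Pattern PLACEHOLDER = Pattern.compile("\\{\\{\\s*content\\s*\\}\\}");

    // Model of the documented prepareEmailContent contract (not the library's code).
    static String prepareAsDocumented(String text, String template, UnaryOperator<String> toHtml) {
        if (template == null || template.isEmpty() || !PLACEHOLDER.matcher(template).find()) {
            return text; // documented fallback: original text, no conversion applied
        }
        String html = toHtml.apply(text);
        if (html == null) {
            return template; // documented: template unchanged if content is null
        }
        // quoteReplacement keeps '$' and '\' in the content from being read as group references.
        return PLACEHOLDER.matcher(template).replaceFirst(Matcher.quoteReplacement(html));
    }

    // Hypothetical guard: refuse an unusable template instead of passing text through.
    static String prepareOrFail(String text, String template, UnaryOperator<String> toHtml) {
        if (template == null || !PLACEHOLDER.matcher(template).find()) {
            throw new IllegalArgumentException("email template has no {{content}} placeholder");
        }
        return prepareAsDocumented(text, template, toHtml);
    }

    public static void main(String[] args) {
        // Stand-in for convertTextToHtml: plain escaping, stricter than the selective filter.
        UnaryOperator<String> escape = s -> s == null ? null
                : s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
        String text = "Total: $5 <script>x()</script>";           // constructed input
        String good = "<html><body>{{ content }}</body></html>";  // constructed template
        String bad = "<html><body>{content}</body></html>";       // placeholder mistyped

        System.out.println(prepareAsDocumented(text, good, escape)); // converted and wrapped
        System.out.println(prepareAsDocumented(text, bad, escape));  // raw text comes back
        try {
            prepareOrFail(text, bad, escape);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a Bonita Groovy script the same guard can be applied by checking the configured template for the placeholder before calling PBHtmlUtils.prepareEmailContent.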