Jsoup.clean, image src data:image/png lost

Question

String "unsafe" comes from contenteditable="true" div to where it was pasted as image from clipboard

// neeeds to be escaped. It is HTML5 valid
String unsafe = ""<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABaklEQVQokZWSXYuCQBSG+xdCa5nRRZgzUlmDNlmCxSCjZg4Y9OkwMxf9Sn/aXrRERrC779U5L+fhfHBa9T/Vek3m8/kztm3bcRzXdTebjed50+m0AWy3W4RQXdcAgCcAIcyyTEpZlqVlWQ1ASnm9XpMksW3bsiwAAISQECKEuN/vlNL1et0ALpeLUkoIked5EAS+7xNCqqpSSlFKwzB838FxnCiKzuezEOJ4PJZlebvdOOdxHGOMPyytaRqEEGPMGOOcSymVUoyx5+gfrjQYDB5zn04nznlVVYyxyWRimuYHoN/vD4fD5XKZpmlRFGma7na7w+GQ5zlCaDQavQOu64ZhmCRJlmUYYwDAeDwOw7Aoiv1+v1gsHMdpAIQQSiml1Pd9wzC63a5hGL1eDyEURVEQBJ1OpwFQSuM49jxP13Vd1x+maZpfL2oAq9VqNpu1221N097O8lpdv/3Sj9X6YDaA1p/V6PBr6UPfrxpWT8DSD68AAAAASUVORK5CYII=" alt="">
"


org.jsoup.safety.Whitelist whitelist = Whitelist.relaxed();   

whitelist.addEnforcedAttribute("a", "rel", "nofollow"); 

String safe = Jsoup.clean(unsafe, whitelist);

//and safe becomes: "<img alt="">"
//entire src lost !?

Note: randome surrouning html has no effect. Src is lost in any case.

Community · Accepted Answer · 2017-05-23 12:24:43Z

4

The basic problem here is that if one quick looks at relaxed here: http://jsoup.org/apidocs/org/jsoup/safety/Whitelist.html#relaxed assumes only tags are in, without attributes. Did not look into source, but here claims some attributes are also in: How to make a Jsoup whitelist to accept certain attribute content. And image is also already in and src also.

the problem that causes my src to disapear is at

preserveRelativeLinks

Which is set to false,for relaxed, hidden somewhere in JSoup code https://github.com/jhy/jsoup/issues/333

--> should be set to true:

System.out.println(Jsoup.clean("<img src='imgFile.png' />","http://www.somedomain.com", Whitelist.relaxed().preserveRelativeLinks(true)));

edited May 23, 2017 at 12:24

CommunityBot

11 silver badge

answered Feb 16, 2016 at 7:54

Miran C

1051 silver badge10 bronze badges

3

whitelist.addProtocols("img", "src", "http", "https", "data", "cid"); should be added as well
– Andremoniy
Commented Nov 17, 2016 at 11:36

Add a comment |

yglodt · Accepted Answer · 2019-08-02 14:03:30Z

2

This is how to allow basic text with inline images like src="data:image/png;base64,...":

String safe = Jsoup.clean(unsafe, Whitelist.basic()
.addTags("img")
.addAttributes("img", "height", "src", "width")
.addProtocols("img", "src", "http", "https", "data"));

answered Aug 2, 2019 at 14:03

yglodt

14.4k15 gold badges98 silver badges135 bronze badges

1

This worked for me - changing the whitelist to safelist
– Filip Tvrdoň
Commented Mar 24, 2023 at 9:27

Add a comment |

Collectives™ on Stack Overflow

Jsoup.clean, image src data:image/png lost

2 Answers 2

Not the answer you're looking for? Browse other questions tagged
image
jsoup
src
or ask your own question.

Linked

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

Not the answer you're looking for? Browse other questions tagged imagejsoupsrc or ask your own question.

Linked

Related

Not the answer you're looking for? Browse other questions tagged
image
jsoup
src
or ask your own question.