Plugins You can find out about all the publicly available Grails plugins.

Html Cleaner

  • Tags: sanitizer, jsoup, xss
  • Latest: 0.4
  • Last Updated: 12 October 2016
  • Grails version: 1.3.7 > *
2 votes
compile "org.grails.plugins:html-cleaner:0.4"

 Documentation  Source  Issues


whitelist based html cleaner based on jsoup


grails install-plugin html-cleaner


Documentation userguide

Note: The plugin has been developed to support 1.3.7> - It should work fine with the grails 2.x as well.*

Defining custom whitelists

Plugin provides DSL to define whitelists in configuration.

htmlcleaner {
    whitelists = {
        whitelist("sample") {
            startwith "none"
            allow "b", "p", "span"
        whitelist("sample-with-anchor") {
            startwith "sample"
            allow("a") {
                attributes "href"
                enforce attribute:"rel", value:"nofollow"

whitelist("basic-with-tables") { startwith "basic" allow "table", "tr", "td" }

} }


Plugin adds a dynamic method cleanHtml(String unsafe, String whitelistName) to all the controllers.

class FooController {
    def save = {

String cleaned = cleanHtml(params.description, 'sample-with-anchor') }


htmlCleaner bean

Plugin makes available a spring bean with name htmlCleaner that has a method cleanHtml() with same signature as the dynamic method available to controllers.

<hc:cleanHtml> tag

<hc:cleanHtml unsafe="${domainInstance.description}" whitelist="sample" />

Read documentation for more details on how to define custom whitelists.

Not just sanitizer

Html cleaner is not just a sanitizer, it cleans ill-formed user supplied html and produces a well formed xml.