Suggest to include method "stripHTML"

[GoogleCodeExporter]

Enhancement:

It would be useful if the ESAPI would provide a method for converting a string 
that might contain HTML tags into a text-only string. That could be used to 
sanitize a string in order to prevent XSS.

Original issue reported on code.google.com by sascha.k...@gmail.com on 11 Feb 2013 at 4:32

[GoogleCodeExporter]

Original comment by apex.es...@gmail.com on 11 Feb 2013 at 7:18

• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

What about 
http://force-dot-com-esapi.googlecode.com/svn/trunk/doc/SFDCEncoder.html#SFDC_HT
MLENCODE(String) ?

Original comment by apex.es...@gmail.com on 11 Feb 2013 at 7:26

[GoogleCodeExporter]

Proposed code

    global static String stripHtml(String dirtyString) {
        String cleanString = dirtyString;
        // remove all HTML tags
        cleanString = cleanString.replaceAll('<[^>]+>',' ');
        return cleanString;
    }

Original comment by sascha.k...@gmail.com on 12 Feb 2013 at 4:04

[GoogleCodeExporter]

This enhancement is no longer needed since the base String class now has a 
stripHtmlTags method: 
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_System_String_
stripHtmlTags.htm

Original comment by shadowsi...@gmail.com on 23 Dec 2013 at 4:23