/** * Allowing Javascript action tags to be used as attributes (onmouseover, etc) is a bad thing, so * clean up HTML tags to remove any such attributes. */ protected static String validateHtmlTag(String tag) { String[] tagInfo = JFlexParserUtil.parseHtmlTag(tag); String tagOpen = tagInfo[2]; String tagKeyword = tagInfo[0]; String attributes = tagInfo[1]; String tagClose = tagInfo[3]; String result = "<"; if (tagOpen.indexOf('/') != -1) { result += "/"; } result += tagKeyword; if (!StringUtils.isBlank(attributes)) { result += " " + attributes; } if (tagClose.indexOf('/') != -1) { tagClose = " />"; } result += tagClose.trim(); return result; }