You could attach the renderer to a StringWriter
instead of System.out
, but it's probably easier to just use the policy's sanitize
convenience method
:
public java.lang.String sanitize(@Nullable java.lang.String html)
A convenience function that sanitizes a string of HTML.
which returns a string of HTML that is safe to interpolate into your JSP page.