DWN-31929 : move whitelist to class level

2020-02-17 12:51:17 +00:00 · 2020-02-17 12:51:17 +00:00 · acaa64b4d5
parent dd92d8473e
commit acaa64b4d5
1 changed files with 4 additions and 4 deletions
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
@ -54,6 +54,10 @@ import com.google.gson.JsonSerializer;
 */
 public class UserInfoInterceptor extends HandlerInterceptorAdapter {

+	private final Whitelist whitelist = Whitelist.relaxed()
+		.removeTags("a")
+		.removeProtocols("img", "src", "http", "https");
+
 	private Gson gson = new GsonBuilder()
 			.registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
 				@Override
@ -142,10 +146,6 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
 	}
 	
 	private String sanitise(String elementToClean) {
-		final Whitelist whitelist = Whitelist.relaxed()
-			.removeTags("a")
-			.removeProtocols("img", "src", "http", "https");
-		
 		if (elementToClean != null) {
 			return Jsoup.clean(elementToClean, whitelist);
 		}