21.9 HTML_ALLOWLIST_CLOB Function

This function performs HTML escape on all characters in the input text except the specified allowlist tags. This function can be useful if the input text contains simple HTML markup but a developer wants to ensure that an attacker cannot use malicious tags for cross-site scripting.

Syntax

APEX_ESCAPE.HTML_ALLOWLIST_CLOB (
    p_html           IN CLOB,
    p_allowlist_tags IN VARCHAR2 DEFAULT c_html_allowlist_tags )
    RETURN CLOB deterministic;

Parameters

Table 21-9 HTML_ALLOWLIST_CLOB Parameters

Parameter	Description
p_html	The text string that is filtered.
p_allowlist_tags	The comma-separated list of tags that stays in p_html.

See Also:

• HTML_ALLOWLIST Function
• HTML_CLOB Function
• HTML_TRUNC Function Signature 2
• HTML_ATTRIBUTE_CLOB Function
• SET_HTML_ESCAPING_MODE Procedure