How could I make @SafeHtml a default validator for String types? And is this stupid?
Hibernate Validator has a validator called @SafeHtml which prevents HTML tags for XSS protection. I'd like that to be the default for String fields (and some way to turn it off). Can you point me in the right direction?
Also, how to change whitelistType default to NONE?
Bean Validation doesn't have a notion of constraints implicitly added for specific data types.
But if you are working with Hibernate Validator you could take advantage of the API for dynamic constraint declaration. You could identify all String properties of your model by querying the meta-model (see Validator#getConstraintsForClass()). Then you would add the @SafeHtml constraint to all these properties via the constraint declaration API. You also could apply the right whitelist type for the constraints.
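A sketch of the approach described in the answer, added here as an example and not taken from the original post or from the Hibernate Validator project. It finds String fields by reflection rather than through the meta-model, because BeanDescriptor#getConstrainedProperties() lists only properties that already carry a constraint. Assumptions: a Hibernate Validator version that still ships @SafeHtml (javax.validation namespace) with jsoup on the classpath; the `@AllowHtml` opt-out marker and the `Comment` model are hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import javax.validation.Validation;
import javax.validation.Validator;
import org.hibernate.validator.HibernateValidator;
import org.hibernate.validator.HibernateValidatorConfiguration;
import org.hibernate.validator.cfg.ConstraintMapping;
import org.hibernate.validator.cfg.context.TypeConstraintMappingContext;
import org.hibernate.validator.cfg.defs.SafeHtmlDef;
import org.hibernate.validator.constraints.SafeHtml.WhiteListType;

public class DefaultSafeHtml {
    // Hypothetical opt-out marker; not part of Hibernate Validator.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    public @interface AllowHtml {}

    // Constructed sample model.
    public static class Comment {
        String author = "bob";
        String body = "<b>hi</b>";               // markup in a field that should hold plain text
        @AllowHtml String rendered = "<p>ok</p>"; // deliberately exempt from the default
        int votes = 3;                            // non-String fields are left alone
    }

    static Validator buildValidator(Class<?>... modelClasses) {
        HibernateValidatorConfiguration cfg =
                Validation.byProvider(HibernateValidator.class).configure();
        ConstraintMapping mapping = cfg.createConstraintMapping();
        for (Class<?> type : modelClasses) {
            // type() may be called only once per class, so keep the context.
            TypeConstraintMappingContext<?> ctx = mapping.type(type);
            for (Field f : type.getDeclaredFields()) {
                boolean skip = f.getType() != String.class || f.isSynthetic()
                        || Modifier.isStatic(f.getModifiers())
                        || f.isAnnotationPresent(AllowHtml.class);
                if (skip) continue;
                // WhiteListType.NONE permits text only; the annotation default is RELAXED.
                ctx.property(f.getName(), ElementType.FIELD)
                   .constraint(new SafeHtmlDef().whitelistType(WhiteListType.NONE));
            }
        }
        return cfg.addMapping(mapping).buildValidatorFactory().getValidator();
    }

    public static void main(String[] args) {
        buildValidator(Comment.class).validate(new Comment()).forEach(v ->
                System.out.println(v.getPropertyPath() + ": " + v.getMessage()));
    }
}
```

Fields declared in superclasses are not covered by getDeclaredFields(); pass each class in the hierarchy to buildValidator if they need the same default.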