I use JSoup to secure rich text areas against harmful code. How do I get a list of all the disallowed tag/code found in the string passed to JSoup's parse, clean or isValid functions?

I use ColdFusion and can parse the text with JSoup like this:

var jsoupDocument = application.jsoup.parse( this.Description );

How do I get a list with JSoup 's getErrors() function to see which HTML does not comply to my whitelist.relaxed()?

I don't believe there's a direct function in jsoup to get a list of the invalid elements based on your whitelist. You'd have to roll your own.

It's not overly complicated. You can still work from a Document object, select all of the elements and then individually check them against your whitelist with jsoup's isValid() function.

As an example, this could probably get you started...

<cfscript>

jsoup = createObject("java", "org.jsoup.Jsoup");
whitelist = createObject("java", "org.jsoup.safety.Whitelist").relaxed();
form.textarea = '<header>Hi</header><script>hello</script><nav><li>Links</li></nav></textarea>';

badTags = [];
content = jsoup.parse(form.textarea).body().select("*");
for(element in content) {
    // tagName() doesn't inlcude the brackets so add them in
    tag = chr(60) & element.tagName() & chr(62);
    if (!jsoup.isValid(tag, whitelist)) {
        arrayAppend(badTags, tag);
    }
}

writeDump(badTags);

</cfscript>