org.owasp.html
Class HtmlSanitizer

java.lang.Object
  extended by org.owasp.html.HtmlSanitizer

public final class HtmlSanitizer
extends java.lang.Object

Consumes an HTML stream, and dispatches events to a policy object which decides which elements and attributes to allow.


Nested Class Summary
static interface HtmlSanitizer.Policy
          Receives events based on the HTML stream, and applies a policy to decide what HTML constructs to allow.
 
Constructor Summary
HtmlSanitizer()
           
 
Method Summary
static void sanitize(java.lang.String html, HtmlSanitizer.Policy policy)
          Sanitizes the given HTML by applying the given policy to it.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HtmlSanitizer

public HtmlSanitizer()
Method Detail

sanitize

public static void sanitize(@Nullable
                            java.lang.String html,
                            HtmlSanitizer.Policy policy)
Sanitizes the given HTML by applying the given policy to it.

This method is not in the trusted computing base (TCB). It only tokenizes the input and dispatches events; the policy it is given, and whatever that policy writes to (typically an HtmlStreamRenderer), decide what reaches the output and therefore whether the output is safe. A permissive or buggy policy produces unsafe output no matter what this method does.

This method has no return value because a policy is expected to render the constructs it accepts and to do nothing for the constructs it rejects. Use HtmlStreamRenderer to render accepted content to an output buffer.

Parameters:
html - A snippet of HTML to sanitize. null is treated as the empty string and will not result in a NullPointerException.
policy - The Policy that will receive events based on the tokens in html. Typically, this policy ends up routing the events to an HtmlStreamRenderer after filtering. HtmlPolicyBuilder provides an easy way to create policies.
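The following is an added example, not code from the OWASP Java HTML Sanitizer itself. It builds a policy with HtmlPolicyBuilder, routes it to an HtmlStreamRenderer writing into a StringBuilder, and wraps the policy in a small HtmlSanitizer.Policy implementation that records every element name sanitize() dispatches but the allowlist does not contain, before delegating the decision to the real policy. The class names SanitizeExample and AuditingPolicy and the sample input are my own; the HtmlPolicyBuilder, HtmlStreamRenderer and Handler calls are the library's public API. It also exercises the documented null handling of sanitize().

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

import org.owasp.html.Handler;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.HtmlSanitizer;
import org.owasp.html.HtmlStreamRenderer;

/** Added example (hypothetical class, not part of the library). */
public final class SanitizeExample {

  /**
   * Hypothetical auditing wrapper. It sees every event HtmlSanitizer.sanitize
   * dispatches, logs element names outside the allowlist, and forwards all
   * events unchanged to the real policy, which still makes the decision.
   */
  static final class AuditingPolicy implements HtmlSanitizer.Policy {
    private final HtmlSanitizer.Policy inner;
    private final List<String> allowed;
    private final List<String> auditLog;

    AuditingPolicy(HtmlSanitizer.Policy inner, List<String> allowed,
                   List<String> auditLog) {
      this.inner = inner;
      this.allowed = allowed;
      this.auditLog = auditLog;
    }

    public void openDocument() { inner.openDocument(); }
    public void closeDocument() { inner.closeDocument(); }

    public void openTag(String elementName, List<String> attrs) {
      if (!allowed.contains(elementName.toLowerCase(Locale.ENGLISH))) {
        auditLog.add(elementName);  // record, but let the inner policy decide
      }
      inner.openTag(elementName, attrs);
    }

    public void closeTag(String elementName) { inner.closeTag(elementName); }
    public void text(String text) { inner.text(text); }
  }

  /** Sanitizes untrusted HTML; names of disallowed elements go to auditLog. */
  static String sanitize(String untrusted, List<String> auditLog) {
    StringBuilder out = new StringBuilder();
    // Renderer writes accepted content into out; the handler receives
    // notifications about truly malformed input, which we treat as fatal.
    HtmlStreamRenderer renderer = HtmlStreamRenderer.create(
        out,
        new Handler<String>() {
          public void handle(String badHtml) {
            throw new AssertionError("unexpected bad HTML: " + badHtml);
          }
        });

    List<String> allowed = Arrays.asList("b", "i", "a");
    // The policy is the trust boundary: only b, i and a survive, href is the
    // only attribute kept, and only https: URLs are accepted in it.
    HtmlSanitizer.Policy policy = new HtmlPolicyBuilder()
        .allowElements("b", "i", "a")
        .allowAttributes("href").onElements("a")
        .allowUrlProtocols("https")
        .requireRelNofollowOnLinks()
        .build(renderer);

    HtmlSanitizer.sanitize(untrusted, new AuditingPolicy(policy, allowed, auditLog));
    return out.toString();
  }

  public static void main(String[] args) {
    // Constructed sample input for this example: a script element, a
    // javascript: link and a legitimate https: link.
    String untrusted = "<b>Hello</b><script>alert(1)</script>"
        + "<a href=\"javascript:alert(1)\">bad</a>"
        + "<a href=\"https://example.com/\">ok</a>";
    List<String> auditLog = new ArrayList<String>();

    // The script element and its content are dropped, the javascript: href
    // is removed from the first link, and the https: link is kept.
    System.out.println(sanitize(untrusted, auditLog));
    System.out.println("elements seen but not in allowlist: " + auditLog);

    // null is treated as the empty string and does not throw.
    System.out.println("[" + sanitize(null, new ArrayList<String>()) + "]");
  }
}
```

The wrapper is deliberately passive: it never suppresses or adds events, so the sanitizer's guarantees are still those of the HtmlPolicyBuilder policy. That is the right place to hang logging or metrics about hostile input without putting hand-written code into the trust boundary.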


Copyright © 2012 OWASP. All Rights Reserved.