java.lang.Object
  org.owasp.html.HtmlSanitizer
public final class HtmlSanitizer
Consumes an HTML stream, and dispatches events to a policy object which decides which elements and attributes to allow.
Nested Class Summary | |
---|---|
static interface | HtmlSanitizer.Policy - Receives events based on the HTML stream, and applies a policy to decide what HTML constructs to allow. |
Constructor Summary |
---|
HtmlSanitizer() |
Method Summary | |
---|---|
static void | sanitize(java.lang.String html, HtmlSanitizer.Policy policy) - Sanitizes the given HTML by applying the given policy to it. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public HtmlSanitizer()
Method Detail |
---|
public static void sanitize(@Nullable java.lang.String html, HtmlSanitizer.Policy policy)

This method is not in the TCB.

This method has no return value since policies are assumed to render things they accept and do nothing on things they reject. Use HtmlStreamRenderer to render content to an output buffer.

Parameters:
html - A snippet of HTML to sanitize. null is treated as the empty string and will not result in a NullPointerException.
policy - The Policy that will receive events based on the tokens in html. Typically, this policy ends up routing the events to an HtmlStreamRenderer after filtering. HtmlPolicyBuilder provides an easy way to create policies.
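
The following is an added example, not part of the library's own documentation, showing how the pieces named above fit together: an HtmlPolicyBuilder policy filters the events and routes what it accepts to an HtmlStreamRenderer writing into a StringBuilder. The class name SanitizeExample, the helper sanitizeToString, the allowed element list and the sample input are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

import org.owasp.html.Handler;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.HtmlSanitizer;
import org.owasp.html.HtmlStreamRenderer;

// Hypothetical wrapper class; requires the OWASP Java HTML Sanitizer on the classpath.
public class SanitizeExample {

  // sanitize() returns void, so the caller owns the output buffer.
  static String sanitizeToString(String untrustedHtml, final List<String> rendererErrors) {
    StringBuilder out = new StringBuilder();

    // Output side: renders the events that the policy lets through.
    HtmlStreamRenderer renderer = HtmlStreamRenderer.create(
        out,
        new Handler<String>() {
          // Notified when the renderer is handed markup it cannot safely emit.
          // Content the policy drops never reaches the renderer, so it is not reported here.
          public void handle(String badHtml) {
            rendererErrors.add(badHtml);
          }
        });

    // Filter side: an allow-list policy bound to the renderer above.
    HtmlSanitizer.Policy policy = new HtmlPolicyBuilder()
        .allowElements("p", "b", "i", "a")
        .allowUrlProtocols("https")
        .allowAttributes("href").onElements("a")
        .requireRelNofollowOnLinks()
        .build(renderer);

    // A null input is treated as the empty string, so no null check is needed.
    HtmlSanitizer.sanitize(untrustedHtml, policy);
    return out.toString();
  }

  public static void main(String[] args) {
    List<String> rendererErrors = new ArrayList<String>();
    // Constructed sample input: an event-handler attribute and a script element,
    // neither of which is on the allow-list.
    String input = "<p onclick=\"track()\">Hi <b>there</b> "
        + "<a href=\"https://example.com/\">link</a>"
        + "<script>alert(1)</script></p>";
    System.out.println(sanitizeToString(input, rendererErrors));
    System.out.println("[" + sanitizeToString(null, rendererErrors) + "]");
  }
}
```

Because the policy is bound to one renderer and one buffer, build a fresh renderer and policy for each document, as sanitizeToString does.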