org.owasp.html

Class PolicyFactory

java.lang.Object

org.owasp.html.PolicyFactory

All Implemented Interfaces:

com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>

@ThreadSafe
 @Immutable
public final class PolicyFactory
extends Object
implements com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>

A factory that can be used to link a sanitizer to an output receiver and that provides a convenient sanitize method and a and method to compose policies.

Author:

Mike Samuel ([email protected])

Method Summary

Modifier and Type	Method and Description
PolicyFactory	and(PolicyFactory f) Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.
HtmlSanitizer.Policy	apply(HtmlStreamEventReceiver out) Produces a sanitizer that emits tokens to out.
<CTX> HtmlSanitizer.Policy	apply(HtmlStreamEventReceiver out, HtmlChangeListener<CTX> listener, CTX context) Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes.
String	sanitize(String html) A convenience function that sanitizes a string of HTML.
<CTX> String	sanitize(String html, HtmlChangeListener<CTX> listener, CTX context) A convenience function that sanitizes a string of HTML and reports the names of rejected element and attributes to listener.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.google.common.base.Function

equals

Method Detail

apply

public HtmlSanitizer.Policy apply(@Nonnull
                                  HtmlStreamEventReceiver out)

Produces a sanitizer that emits tokens to out.

Specified by:

apply in interface com.google.common.base.Function<HtmlStreamEventReceiver,HtmlSanitizer.Policy>

apply

public <CTX> HtmlSanitizer.Policy apply(HtmlStreamEventReceiver out,
                                        @Nullable
                                        HtmlChangeListener<CTX> listener,
                                        @Nullable
                                        CTX context)

Produces a sanitizer that emits tokens to out and that notifies any listener of any dropped tags and attributes.

Parameters:

out - a renderer that receives approved tokens only.

listener - if non-null, receives notifications of tags and attributes that were rejected by the policy. This may tie into intrusion detection systems.

context - if (listener != null) then the context value passed with notifications. This can be used to let the listener know from which connection or request the questionable HTML was received.

sanitize

public String sanitize(@Nullable
                       String html)

A convenience function that sanitizes a string of HTML.

sanitize

public <CTX> String sanitize(@Nullable
                             String html,
                             @Nullable
                             HtmlChangeListener<CTX> listener,
                             @Nullable
                             CTX context)

A convenience function that sanitizes a string of HTML and reports the names of rejected element and attributes to listener.

Parameters:

html - the string of HTML to sanitize.

listener - if non-null, receives notifications of tags and attributes that were rejected by the policy. This may tie into intrusion detection systems.

context - if (listener != null) then the context value passed with notifications. This can be used to let the listener know from which connection or request the questionable HTML was received.

Returns:

a string of HTML that complies with this factory's policy.

and

public PolicyFactory and(PolicyFactory f)

Produces a factory that allows the union of the grants, and intersects policies where they overlap on a particular granted attribute or element name.