org.owasp.html

Class Sanitizers

java.lang.Object

org.owasp.html.Sanitizers

public final class Sanitizers
extends Object

Pre-packaged HTML sanitizer policies.

These policies can be used to sanitize content.

   Sanitizers.FORMATTING.sanitize( "<b>Hello, World!</b>")
 

and can be chained

   PolicyFactory sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS);
   System.out.println(sanitizer.sanitize( "<p>Hello, <b>World!</b>"));
 

For more fine-grained control over sanitization, use HtmlPolicyBuilder.

Author:

Mike Samuel ([email protected])

Field Summary

Fields

Modifier and Type	Field and Description
static PolicyFactory	BLOCKS Allows common block elements including <p>, <h1>, etc.
static PolicyFactory	FORMATTING Allows common formatting elements including <b>, <i>, etc.
static PolicyFactory	IMAGES Allows <img> elements from HTTP, HTTPS, and relative sources.
static PolicyFactory	LINKS Allows HTTP, HTTPS, MAILTO, and relative links.
static PolicyFactory	STYLES Allows certain safe CSS properties in style="..." attributes.
static PolicyFactory	TABLES Allows common table elements.

Method Summary

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FORMATTING

public static final PolicyFactory FORMATTING

Allows common formatting elements including <b>, <i>, etc.

BLOCKS

public static final PolicyFactory BLOCKS

Allows common block elements including <p>, <h1>, etc.

STYLES

public static final PolicyFactory STYLES

Allows certain safe CSS properties in style="..." attributes.

LINKS

public static final PolicyFactory LINKS

Allows HTTP, HTTPS, MAILTO, and relative links.

TABLES

public static final PolicyFactory TABLES

Allows common table elements.

IMAGES

public static final PolicyFactory IMAGES

Allows <img> elements from HTTP, HTTPS, and relative sources.